Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups, Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA …

A powerful, modular, lightweight and efficient command & control framework written in Nim.

ARL官方仓库备份项目：ARL(Asset Reconnaissance Lighthouse)资产侦察灯塔系统旨在快速侦察与目标关联的互联网资产，构建基础资产信息库。 协助甲方安全团队或者渗透测试人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Pocsuite 是知道创宇安全研究团队打造的一款基于漏洞与 PoC 的远程漏洞验证框架

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

stealth userland kit that doesn't use sys_clone/sys_execve call

一款部署于云端或本地的隧道代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

APT & CyberCriminal Campaign Collection

An LLVM Pass from Hikari-LLVM15

This repository contains my complete resources and coding practices for malware development using Rust 🦀.

Set of tools to analyze Windows sandboxes for exposed attack surface.

⚡ KCP - A Fast and Reliable ARQ Protocol

A tool matrix for Russian APTs based on the Ransomware Tool Matrix

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Ip2region (2.0 - xdb) is a offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming…

蓝队分析研判工具箱，功能包括内存马反编译分析、各种代码格式化、网空资产测绘功能、溯源辅助、解密冰蝎流量、解密哥斯拉流量、解密Shiro/CAS/Log4j2的攻击payload、IP/端口连接分析、各种编码/解码功能、蓝队分析常用网址、java反序列化数据包分析、Java类名搜索、Fofa搜索、Hunter搜索等。

Interesting APT Report Collection And Some Special IOC

A basic C2 framework written in C

火绒剑独立版

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

一款轻量级、高性能、功能强大的内网穿透代理服务器。支持tcp、udp、socks5、http等几乎所有流量转发，可用来访问内网网站、本地支付接口调试、ssh访问、远程桌面，内网dns解析、内网socks5代理等等……，并带有功能强大的web管理端。a lightweight, high-performance, powerful intranet penetration proxy serv…

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals…

【三万字原创】完全零基础从0到1掌握Java内存马，公众号：追梦信安

Indicators of Compromise

免费在线社工库，免费Telegram社工库

详细的C/C++编程规范指南，由360质量工程部编著，适用于桌面、服务端及嵌入式软件系统。

iOS platform security & anti-tampering Swift library

A Windows/macOS/Linux GUI based on Clash