Stars
A Frida module to dump, trace or hijack any IL2CPP application at runtime, without needing the global-metadata.dat file.
LukeFZ / Il2CppInspectorRedux
Forked from djkaty/Il2CppInspector
Continuation of Il2CppInspector - A powerful automated tool for reverse engineering Unity IL2CPP binaries.
companion to our book of the same name, ISBN: 9781394199884
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
The Phish is the Bait. Identify security infrastructure by deploying intentionally suspicious links that bait scanners and blue teams. Fingerprints automated systems to optimize your actual campaig…
Research on the internal workings of Google's Play Integrity Protect Virtual Machine (VM) with tools for both disassembling and decompiling the bytecode.
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Work-in-progress tool to reverse Unity's IL2CPP toolchain.
Backup a MySQL database only with PHP (without mysqldump)
UnrealEngine_Dedicated_Server_Install_CA
KWorld is a kernel driver for removing the anti-debugging technique ThreadHideFromDebugger from processes.
Privilege Escalation Enumeration Script for Windows
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance.
Redirecting (specific) TCP, UDP and ICMP traffic to another destination.
Steamless is a DRM remover of the SteamStub variants. The goal of Steamless is to make a single solution for unpacking all Steam DRM-packed files. Steamless aims to support as many games as possible.
Tools for extracting and repacking kfc_data archives from games developed by Keen Games
PowerShell Pass The Hash Utils
Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.
Scripts for the Ghidra software reverse engineering suite.
Utility to find AES keys in running processes