Levis Nickaster's Projects
Hiding unsigned DLL inside a signed DLL
Attack and defend Active Directory using modern post-exploitation adversary tradecraft activity
Obfuscation library based on C++11/14 and metaprogramming
x64 binary obfuscator
A bunch of Windows anti-debugging tricks for x86 and x64.
Collection of my Arch_Linux Configuration (themes, scripts)
A C compiler targeting an artistically pleasing nightmare for reverse engineers
Complete x86/x64 JIT and AOT Assembler for C++
A DLL loader with advanced evasive features
Documentation and specifications
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.
Biker's tracing app
An attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.
This is a cross-platform RAT tool [Android RAT] [Windows RAT] [Linux RAT] [MAC RAT], programmed in VB.net, which builds trojans (.exe, .apk and .jar) and controls the victims running those trojans on the same port at the same time. This tool is now registered as free, and its use is the user's responsibility.
Reverse Protocol of some well-known malware/botnets
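Brook is a cross-platform proxy with strong encryption that is not detectable. Zero-Configuration.
A series of articles on antivirus evasion for remote-control tools, with accompanying tools. It collects and tests dozens of evasion tools found on the internet, 113 whitelist-based evasion methods, 8 code-compilation evasion methods and several practical evasion techniques, and tests the evasion effectiveness of each one, to provide a reference both for remote-control antivirus evasion and for antivirus software countering evasion.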
This map lists the essential techniques to bypass anti-virus and EDR
All Algorithms implemented in C++
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
Load your driver like win32k.sys
Obfuscate specific windows apis with different apis
Catalyst is an open source SOAR system that helps to automate alert handling and incident response processes
A collection of single-file C libraries. (generic containers, random number generation, argument parsing and other functionalities)
x64 ring0 rootkit with process hiding, privilege escalation, and capabilities for protecting and unprotecting processes
Kernel mode driver for reading/writing process memory. C/Win32.
Game cheat base and clean architecture for your next cheat
Dump .NET assembly from a native loader which uses CLRCreateInstance
Some notes and examples for Cobalt Strike's functionality
Scan files or process memory for CobaltStrike beacons and parse their configuration