a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it effectively useless if ran morethan 5 minutes the system freezes to death.
https://github.com/cpu0x00/EternelSuspention

Disable Windows Defender (+ UAC Bypass, + Upgrade to SYSTEM)
https://github.com/EvilGreys/Disable-Windows-Defender-

NTLM Relay Gat - streamlines the process of exploiting NTLM relay vulnerabilities, offering a range of functionalities from listing SMB shares to executing commands on MSSQL databases.
https://github.com/ad0nis/ntlm_relay_gat

This repository contains multiple PowerShell noscripts that can help you respond to cyber attacks on Windows Devices.
https://github.com/Bert-JanP/Incident-Response-Powershell

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
https://github.com/reveng007/DarkWidow

RedPersist is a Windows #Persistence tool written in C#
https://github.com/mertdas/RedPersist

Cobalt Strike Profiles for EDR #Evasion
https://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion

With PPLDescribe, you can retrieve information about processes that are protected by PPL. The tool parses PS_PROTECTION, PS_PROTECTED_TYPE and PS_PROTECTED_SIGNER structures to retrieve the information
#Credential_access
https://github.com/MzHmO/PPLDescribe

Remote buffer overflow over wifi_stack in wpa_supplicant binary in android 11, platform:samsung a20e, stock options so like works out of the box
https://github.com/SpiralBL0CK/Remote-buffer-overflow-over-wifi_stack-in-wpa_supplicant-binary-in-android-11-platform-samsung-a20e

Simulate the behavior of AV/EDR for malware development training.

https://github.com/Helixo32/CrimsonEDR/tree/main

Collection of #UAC #Bypass Techniques Weaponized as BOFs

https://github.com/icyguider/UAC-BOF-Bonanza

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. #evasion
https://github.com/Sh3lldon/FullBypass

password dumping via nplogongnotify()
https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy2

یک تکنیک جدید جهت احراز هویت اجباری ADCS
https://github.com/decoder-it/ADCSCoercePotato
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
#ردتیم

Keylogging in the Windows kernel with undocumented data structures
https://github.com/eversinc33/Banshee
https://eversinc33.com/posts/kernel-mode-keylogging/

Teler Real-time HTTP intrusion detection
https://github.com/kitabisa/teler

Process Hypnosis: Debugger assisted control flow hijack
https://github.com/CarlosG13/Process-Hypnosis-Debugger-assisted-control-flow-hijack/tree/main
API : https://malapi.io/winapi/DebugActiveProcessStop

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
https://github.com/notselwyn/cve-2024-1086