GitHub - JM00NJ/Phantom-Evasion-Loader: Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-l... Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF). It l...

Phantom-Evasion-Loader - a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF)

📝 Missed the write‑up on abusing SpeechRuntime for lateral movement?
This diagram summarizes the chain.⤵️
✒️ ipurple.team/2026/04/07/m...

Credential Guard Microsoft introduced Credential Guard in Windows 10 (2015) and Windows Server 2016 to prevent credential harvesting from the LSASS process that was abused for years by threat actors. Microsoft used…

Offensive Cases about Credential Guard & Detection Strategies #purpleteam

GitHub - Whitecat18/LazyDLLSideload: Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagements. Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagements. - Whitecat18/LazyDLLSideload

Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagements github.com/Whitecat18/L...

GitHub - EricEsquivel/CobaltStrike-Linux-Beacon: Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons - EricEsquivel/CobaltStrike-Linux-Beacon

Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons github.com/EricEsquivel... #redteam

GitHub - ricardojoserf/AutoPtT: Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python. Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python. - ricardojoserf/AutoPtT

Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python github.com/ricardojoser... #redteam

GitHub - CaptMag/MalDev: Creation of multiple Malware tools consisting of evasion, enumeration and exploitation Creation of multiple Malware tools consisting of evasion, enumeration and exploitation - CaptMag/MalDev

Creation of multiple Malware tools consisting of evasion, enumeration and exploitation github.com/CaptMag/MalDev

GAC Hijacking The Global Assembly Cache is a system-wide repository in the .NET framework that stores strong named (name + version + culture + public key token identity) assemblies so multiple applications can u…

📢 New article about GAC Hijacking to perform Code Execution and Persistence
📖 1x Playbook - A structured breakdown of the full approach
💡 3x Detection Opportunities
🏹 2x Threat Hunting Queries - Defender & Splunk
ipurple.team/2026/02/10/g...

GitHub - EvilBytecode/CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! - EvilBytecode/CustomDpapi

CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! github.com/EvilBytecode...

GitHub - CodeXTF2/Cobaltstrike_BOFLoader: open source port/reimplementation of the Cobalt Strike BOF Loader as is open source port/reimplementation of the Cobalt Strike BOF Loader as is - CodeXTF2/Cobaltstrike_BOFLoader

An open-source port/reimplementation of the Cobalt Strike BOF Loader

GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern... Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers ...

Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)

GitHub - dis0rder0x00/DbgNexum: Shellcode injection using the Windows Debugging API Shellcode injection using the Windows Debugging API - dis0rder0x00/DbgNexum

DbgNexum - a Proof-of-Concept for injecting shellcode using the Windows Debugging API and Shared Memory (File Mapping).

GitHub - 256AndreiAES/Aether-C2-Framework: Advanced Red Team C2 Framework written in Rust & Python. Advanced Red Team C2 Framework written in Rust & Python. - 256AndreiAES/Aether-C2-Framework

Aether C2 - Aether project operates on a Full Duplex, End-to-End Encrypted channel, utilizing direct WinAPI syscalls for evasion and a modular architecture for scalability github.com/256AndreiAES...

GitHub - Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2 Contribute to Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2 development by creating an account on GitHub.

Ghostly Hollowing Via Tampered Syscalls github.com/Maldev-Acade...