Reverse Engineering

Our efforts in Reverse engineering aids in identifying vulnerabilities, understanding threats, and formulating robust defense mechanisms, making it integral to maintaining a secure and resilient digital environment.

Malware Research

Our focus in malware research involves dissecting and understanding the operation of malicious software. By documenting their behavior and impact, we provide crucial insights that aid in devising effective defensive strategies, contributing to a better understanding and stronger defense against emerging cyber threats.

Penetration Testing

We offer penetration testing services, identifying vulnerabilities by simulating real-world attacks on your digital infrastructure. Our process uncovers potential threats, providing actionable insights for improved security measures, ensuring robust defense and resilience for your business operations.

Open-Source

Our involvement in open-source focuses on offensive security techniques and tools. We utilize and contribute to community-driven projects. This collaborative approach promotes innovative solutions, ultimately strengthening defense against evolving cyber threats.

Some of Our Projects


Latest Events

New Unprotect Delphi Code Snippet added for technique DLL Injection via CreateRemoteThread and LoadLibrary with both support of x86-32 and x86-64.

2 years, 3 months ago

New Unprotect Delphi Code Snippet added for technique ProcEnvInjection - Remote code injection by abusing process environment strings for both x86-32 and x86-64.

2 years, 3 months ago

New code snippet that demonstrate how Malware authors create self-deleting application. This technique rely on an external command line interpreter process that attempt to delete malware sample when sample process is terminated.

2 years, 3 months ago

  • Streaming performance considerably increased. FPS rate increased by 65% and can be optimised further by tweaking available options.
  • Streaming desktop resolution is now controlled by the viewer.
  • FastResize option was removed.
  • Code optimisation.
  • Windows key is now supported.
  • Virtual Desktop window will show above terminal window.
  • Beta support of LogonUI (Winlogon Protected Desktop).

2 years, 6 months ago

The purpose of this tool is to allow users to run applications with system-level privileges in the context of their current active Windows session, using only the Microsoft Windows Task Scheduler.

Unlike other common tools, this technique does not require any external software or services, and can be easily configured to launch the system terminal and run the desired application within the current session. This allows users to access system-level functionality and interact with the application in real time.

2 years, 6 months ago

  • Invoke-RemoteDesktopServer error fixed during module import.

2 years, 6 months ago

  • Code improvement.
  • Streaming performance increased.
  • X509 Certificate password supported.

2 years, 7 months ago

  • Option to prevent server computer to enter sleep mode.
  • Streaming performance increased by using dirty region detection (motion update). Only the part of Remote Desktop that changed are sent to viewer.
  • Mouse control improved.
  • Keyboard control improved.
  • Code improvement.

2 years, 7 months ago

PowerRunAsAttached is a ported version of RunAsAttached in pure PowerShell.

2 years, 7 months ago

PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell.

2 years, 7 months ago

  • Application protocol redesigned to be more fast, stable and modular.
  • Session concurrency now supported. Multiple viewers can connect to the same server at the same time.
  • Possibility to shutdown server using CTRL+C
  • Streaming quality is now controlled by the viewer.
  • Desktop image size is now requested server-side.
  • Bug fix in virtual desktop alignement.
  • Timeout implement during protocol negotiations to avoid possible dead locks.
  • Virtual desktop can now be set on top of other windows.
  • Server supports SecureString for authentication password.

2 years, 7 months ago

  • Deprecated TransportMode option removed.
  • Streaming performance improved.
  • Code improvement, release stability is good enough to mark release as stable.

2 years, 7 months ago

  • Code improvement.
  • Ingress / Egress event support.
  • Bug fix for password generation algorithm.
  • Bug fix for virtual keyboard.
  • Clipboard synchronisation implemented.
  • View only option added. If used remote viewer cannot control remote server.

2 years, 8 months ago

  • Viewer now support SecureString to handle password.
  • Certificate fingerprint validation implemented server-side.
  • Trust a remote server temporarily or definitively (can be revoked)
  • Server-trust management system.

2 years, 8 months ago

  • Possibility to control desktop streaming image quality.
  • Support multiple monitors. You can choose which monitor to stream.

2 years, 8 months ago

  • HDPI is completely supported for both viewer and server.

2 years, 8 months ago

  • Desktop streaming is now sent in raw rather than base64 encoded thus increasing streaming performance. Base64 streaming encoding is still available as an option but marked as deprecated.
  • Application protocol revisited.
  • TLS v1.3 now optionally supported.
  • Code improvements.
  • Password complexity is enforced to avoid hosting a dangerous Remote Desktop server.
  • Console verbosity can be disabled.
  • Versions synchronisation implemented. Viewer version must fit with remote server and vis versa.

2 years, 8 months ago

Power Remote Desktop is a powerful and easy-to-use remote desktop application that is written entirely in PowerShell. Unlike other remote desktop solutions, it does not rely on any external software or protocols to function, making it quick and easy to install and use. Its primary advantage is its use of PowerShell, which allows for seamless integration with other scripts and tools, as well as its user-friendly interface. Power Remote Desktop is a versatile and reliable solution for anyone needing to access and control remote computers.

2 years, 8 months ago

The tool is a PowerShell module that allows you to load and execute .NET assemblies from memory, transferred over a network connection such as HTTP. It consists in retrieving the .NET assembly located at an URL. It then loads the assembly into memory and executes with given parameters.

This tool is useful for anyone who needs to load and execute .NET assemblies over a network connection, such as during a penetration testing engagement or when working with remote systems. It allows you to easily load and execute assemblies from memory, without the need to save them to disk first.

2 years, 10 months ago