ββββ β β ββ βββ βββ ββββββ ββββββ ββββββ
ββ ββ β ββ ββββββββ ββββ βββ β ββ β ββββ ββ
βββ ββ ββββββ ββββββββ ββββ β ββββ ββββ βββ β
ββββ ββββββββ ββββββββ ββββ β ββββββ β ββββ ββββ
ββββ ββββββββββββ βββββββββββββββββββββββββββββββββ βββββ β
β ββ β β ββββ β β β βββ ββ βββ ββ βββ β βββ ββ ββ ββ β β
β β β β β β β β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββββββββββββββββββββ S T E A L T H βββββββββββββββββββββββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
bad-antics
π Join discord.gg/killers for premium features!
| Tool | Language | Description | Free | Premium |
|---|---|---|---|---|
| stegohide | Crystal | Advanced steganography encoder | β | π₯ |
| procmask | Lua | Process name/memory masking | β | π₯ |
| timewarp | D | Timestamp manipulation | β | π₯ |
| cryptchan | Haskell | Encrypted covert channels | β | π₯ |
| ghostmem | V | Fileless memory execution | β | π₯ |
| avbypass | Crystal | AV signature evasion | β | π₯ |
nullsec-stealth/
βββ crystal/
β βββ stegohide.cr # Steganography encoder/decoder
βββ lua/
β βββ procmask.lua # Process masking utility
βββ dlang/
β βββ timewarp.d # Timestamp manipulation
βββ haskell/
β βββ cryptchan.hs # Encrypted covert channels
βββ vlang/
βββ ghostmem.v # Fileless memory execution
cd crystal
crystal build stegohide.cr --release -o stegohide
./stegohide encode -i secret.txt -c cover.png -o output.pngcd lua
lua procmask.lua --pid 1234 --name "systemd"cd dlang
dmd -release -O timewarp.d -of=timewarp
./timewarp --file target.exe --time "2020-01-01 00:00:00"cd haskell
ghc -O2 cryptchan.hs -o cryptchan
./cryptchan --mode server --port 443 --key mykeycd vlang
v -prod ghostmem.v -o ghostmem
./ghostmem --payload shellcode.bin --target pidAdvanced steganography tool supporting multiple carrier formats:
- PNG/BMP - LSB encoding with encryption
- JPEG - DCT coefficient manipulation
- WAV/MP3 - Audio spectrum hiding
- PDF - Whitespace encoding
- AES-256 encryption for payloads
Process evasion and masking utility:
- Rename running process in memory
- Mask command line arguments
- Hollow process injection setup
- Parent PID spoofing preparation
- Module list manipulation
Timestamp manipulation for anti-forensics:
- Modify MACB timestamps (Modified, Accessed, Changed, Birth)
- Recursive directory timestamp matching
- Random timestamp within range
- Clone timestamps from reference file
- NTFS $STANDARD_INFO and $FILE_NAME manipulation
Encrypted covert communication channels:
- DNS tunneling with encryption
- ICMP covert channel
- HTTP header smuggling
- TLS certificate field hiding
- Timing-based channels
Fileless payload execution:
- Direct syscall execution
- Memory-only payload loading
- Process hollowing
- Module stomping
- Thread execution hijacking
FOR EDUCATIONAL AND AUTHORIZED SECURITY TESTING ONLY
These tools are designed for:
- Red team engagements
- Penetration testing
- Security research
- Educational purposes
Unauthorized use against systems you don't own or have permission to test is illegal.
NullSec Proprietary License - See LICENSE for details.
Premium features require a valid key from discord.gg/killers