A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC…

Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.

Just custom BOFS

shellcode transformation tool for YARA evasion

An open-source self-hosted purple team management web application.

Decrypt Veeam database passwords

Tiny script to run .prompt files

Agent for AdaptixC2 containing lateral movement capabilities ( WMI, SCM, WinRM, DCOM), bof/dotnet/shellocde in memory executions, postex modules with shellcode and bof with possibilities of fork ex…

Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.

Beacon Object File (BOF) that utilizes the Early Bird Cryo Injection technique in order to perform shellcode injection through frozen job objects.

Dump protected files (SAM,SYSTEM,SECURITY) by parsing the raw NTFS partition

EDR-Redir : a tool used to redirect the EDR's folder to another location.

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

Evasion for Cobalt Strike

An NTP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.

AWS X-Ray for Covert Command & Control

adws enumeration bof

A writing and design platform that thinks nonlinearly (in relationships) while enabling you to generate documents and communicate your work in a linear format.

A Python utility to dump Kubernetes resources and store them in BloodHound's OpenGraph

Red Team AI prompts

GCP-Hound - Google Cloud Security Attack Path Discovery Tool - v1.0

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

An Infrastructure as code proof of concept to deploy a bare minimum AD environment in AWS.

Dump processes over WMI with MSFT_MTProcess

Python script to leverage MSFT_MTProcess WMI class

NSecSoftBYOVD POC

MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI wor…