Starred repositories
Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
A BOF to dump domain credentials via DRSGetNCChanges, created for use with the Adaptix C2.
C# to read WIM files over the network without transferring the whole file
An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard history.
Obfusk8: lightweight obfuscation library based on C++17 / header-only for Windows binaries
Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks
coffeegist / bofhound
Forked from fortalice/bofhound
Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
Shellcode injection using the Windows Debugging API
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.
ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by identifying active user profiles on domain machines.
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
Create pretty screenshots of your requests and responses right in Caido
A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption
Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.
Proper ntdll .text section unhooking via native API. Unlike other unhookers, this doesn't leave 2 ntdlls loaded. x86/x64/wow64 supported.
Original Proof-of-Concepts for React2Shell CVE-2025-55182
Using Chromium-based browsers as a proxy for C2 traffic.
Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks that functi…
A PoC for working with Havoc ExternalC2, communicating through a Microsoft GraphAPI channel
UAC Bypass using UIAccess program QuickAssist
Library that provides Python examples for interacting with the Cobalt Strike REST API