Stars
This is a BOF to return Domain Forest Name, Domain Name, Domain Controller+address+sitename
Windows APT Warfare, published by Packt
Encode powershell payload into bat files
An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine...
Process Injection without R/W target memory and without creating a remote thread
A tool to exploit .NET Remoting Services
Project for tracking publicly disclosed DLL Hijacking opportunities.
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
Dominate Active Directory with PowerShell.
.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
Tool to bypass LSA Protection (aka Protected Process Light)
EXOCET - AV-evading, undetectable, payload delivery tool
Threadless Process Injection through entry point hijacking
The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
Some notes and examples for cobalt strike's functionality
micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
Exploitation Framework for Embedded Devices
Collection of Beacon BOFs written to learn Windows and Cobalt Strike