Tier Zero Security
Stars
BYOVD: Use the 360 WFP driver to block EDR/XDR network connections.
A tool to transform Chromium browsers into a C2 Implant
Project for generating and identifying deceptive LNK files.
Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons
Erebus is an Initial Access wrapper for the Mythic Command & Control Server. It converts existing Mythic shellcode into payloads specifically used for phishing and IA operations.
Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and encrypted NTP packets. For authorized testing only!
Dominate the domain. Relay to royalty.
Breaking TP-Link's attempt at GDPR compliance
Audiodg.exe DLL hijacking for LPE with reboot-free restart primitive. Executes code as LOCAL SERVICE, escalates to SYSTEM via Scheduled Tasks.
A tool to convert Windows registry export files into Windows hive files that can be used to replace NTUSER.MAN
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.
A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (Draugr)
System Call Integrity Layer - experimental security research
Patching "signtool.exe" to accept expired certificates for code-signing.
A C# tool for extracting information from SCCM PXE boot media.