Stars
All-in-one macOS binary analysis: Mach-O parsing, ARM64 disassembly, code signatures, and debugging.
A tool used to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.
YouTube-based karaoke party app with QR queueing.
Resources from Jamal & Giuliana's presentation on reversing bytecode into bounties for Jira and Confluence plugins [BSides Canberra and Kawaiicon 2025]
FindMy Cache Decryptor is a reverse-engineered tool that decrypts cached data files from Apple's Find My application on macOS. It addresses the encryption introduced in macOS 14.4+ that broke exist…
This code silently installs Chrome extensions on Mac, Windows, and Linux
Extract files from any kind of container format
A collection of stealthy macOS post-exploitation tools written in Python.
WireGuard VPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE and Raspberry Pi OS
BloodyAD is an Active Directory Privilege Escalation Framework
A tool to interact with Kerberos to request, forge and convert various types of tickets in an Active Directory environment.
msbit / keychain_access
Forked from torsten/keychain_access. Access private and public keys stored in Mac OS X's Keychain from the command line.
Microsoft Telnet Client MS-TNAP Server-Side Authentication Token Exploit
Hackish way to intercept and modify non-HTTP protocols through Burp & others.
Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
rasta-mouse / ThreatCheck
Forked from matterpreter/DefenderCheck. Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
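The entry above only says that the tool identifies the flagged bytes. As an added illustration of one way such a tool can narrow a detection down to a byte range (this is example code written for this page, not ThreatCheck's or DefenderCheck's own implementation, and the bisection strategy is an assumption about the approach, not taken from the project), the following Python bisects a buffer against a scanner oracle. The oracle here is a constructed substring matcher standing in for the AV engine; in practice the `is_flagged` callback would wrap a real scan of a temporary file. The sample buffer is constructed.

```python
from typing import Callable, Optional, Tuple

# Scanner oracle: takes a byte string, returns True when the scanner flags it.
Scanner = Callable[[bytes], bool]


def find_flagged_span(data: bytes, is_flagged: Scanner) -> Optional[Tuple[int, int]]:
    """Locate the [start, end) byte range that the scanner flags, by bisection.

    Assumes the oracle is monotone: any slice that contains the whole
    flagged pattern is flagged, and any slice that does not is clean.
    Multiple independent signatures in one file break that assumption;
    remove or patch the first hit and run again in that case.
    Returns None if the whole input is clean.
    """
    if not is_flagged(data):
        return None

    # Pass 1: shortest prefix data[:end] that is still flagged.
    lo, hi = 0, len(data)
    while lo < hi:
        mid = (lo + hi) // 2
        if is_flagged(data[:mid]):
            hi = mid
        else:
            lo = mid + 1
    end = lo

    # Pass 2: latest start such that data[start:end] is still flagged.
    lo, hi = 0, end
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if is_flagged(data[mid:end]):
            lo = mid
        else:
            hi = mid - 1
    start = lo
    return start, end


def make_substring_scanner(signature: bytes) -> Scanner:
    """Constructed stand-in for an AV engine: flags any buffer containing `signature`."""
    return lambda buf: signature in buf


def with_scan_counter(scanner: Scanner) -> Tuple[Scanner, list]:
    """Wrap a scanner so the number of scans it performed can be read back."""
    calls = [0]

    def wrapped(buf: bytes) -> bool:
        calls[0] += 1
        return scanner(buf)

    return wrapped, calls


# Constructed sample: 100 bytes of padding, a 'bad' string, 50 bytes of padding.
SAMPLE = b"A" * 100 + b"AmsiScanBuffer" + b"B" * 50

if __name__ == "__main__":
    scanner, calls = with_scan_counter(make_substring_scanner(b"AmsiScanBuffer"))
    span = find_flagged_span(SAMPLE, scanner)
    print(span, SAMPLE[span[0]:span[1]], "scans:", calls[0])
```

Each pass costs O(log n) scans rather than one scan per byte, which matters when every oracle call is a full engine scan of a file on disk.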
A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
Syscall Shellcode Loader (Work in Progress)
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS