.NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS

A fork of AFL for fuzzing Windows binaries

Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks

Top 10 for Agentic AI (AI Agent Security) serves as the core for OWASP and CSA Red teaming work

Awesome note-taking apps for hackers & pentesters !

A Frida script that disables Flutter's TLS verification

KeyHound is an advanced JavaScript secrets hunting tool that sniffs out sensitive information from JavaScript files across web applications. Like a trained hunting dog, it tracks down secrets throu…

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning

Browser In The Browser (BITB) Templates

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

Lichee Zero: An SD-Size (breadboard-compatible) Cortex-A7 Board

WarBerryPi - Tactical Exploitation

Purpose-built Red Team network hardware implant made from common components.

Burp Plugin to Bypass WAFs through the insertion of Junk Data

Evilginx Phishing Infrastructure Setup Guide - Securing Evilginx and Gophish Infrastructure, Removing IOCs, Phishing TTPs

Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.

Rubber Ducky powered by NeoKey

Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

The new bridge between Burp Suite and Frida!

OT security monitoring #nsacyber

PDF Files for Pentesting

ALL IN ONE Hacking Tool For Hackers

Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods

This challenge is Inon Shkedy's 31 days API Security Tips.