BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)

Open-source multi-purpose remote access tool for Microsoft Windows

Project for tracking publicly disclosed DLL Hijacking opportunities.

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

BOF to steal browser cookies & credentials

Library of BOFs to interact with SQL servers

Shark Jack payloads for testing exposed RJ45 (ethernet) ports and dealing with port security.

The different ways to dump lsass

Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…

Some POCs for my BYOVD research and find some vulnerable drivers

Shellcode encryptor using a substitution cipher with a randomly generated key.

Some of my personal notes that helped me pass the OSWP

ScriptSentry finds misconfigured and dangerous logon scripts.

C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.

Ransomware simulation script written in PowerShell. Useful for testing your defenses and backups against real ransomware-like activity in a controlled setting.

Scripts that are intended to help you in your pen-testing and bug-hunting efforts by automating various manual tasks, making your work more efficient and effective.

Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations.

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.

Timeroasting scripts by Tom Tervoort

Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).

Remote command line LSASS extractor

Identifies the bytes that Microsoft Defender flags on.

OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

Dominate Active Directory with PowerShell.