Stars
Open Source Implementation of Cobalt Strike's Malleable C2
Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Python, Rust and Crystal
Encrypted command‑and‑control (C2) research framework for cybersecurity education, red team labs, and secure client‑server communication experiments.
Audiodg.exe DLL hijacking for LPE with reboot-free restart primitive. Executes code as LOCAL SERVICE, escalates to SYSTEM via Scheduled Tasks.
PowerShell SharePoint extraction + auditing tool for red/blue/purple teams. Enumerates all SharePoint sites/drives a user can access via Microsoft Graph, recursively downloads files, and logs every…
A self-hosted, real-time collaborative workspace for offensive security assessments.
This repo contains PoCs for vulnerable Windows drivers.
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
A complete browser-based reverse engineering platform built on Rizin, running entirely client-side via WebAssembly.
Explore various ways to connect Windows Subsystem for Linux with Windows terminal emulators.
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.
CEREBRO-RED v2: Advanced LLM Red Team Research Platform with PAIR Algorithm and LLM-as-a-Judge Evaluation
Offline AI Security Assistant for Air-Gapped Pentesting
A C# tool for extracting information from SCCM PXE boot media.
Your personal 'Mini Shodan'. A high-performance network reconnaissance engine designed for massive scale asset discovery. Specializes in identifying unsecured services (Open RTSP Cameras, No-Auth V…
EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation
Python tool to automatically perform SPN-less RBCD attacks.
Proxifier Alternative to redirect any Windows/MacOS TCP and UDP traffic to HTTP/Socks5 proxy
Aliasr is a modern, feature-rich TUI launcher for penetration testing commands inspired by Arsenal, but with significantly improved functionality.
Kernel-mode process protection driver with user GUI
Parses a Snaffler output file and generates beautified outputs.