A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.

A repository for additional files related to the book Windows Security Internals with PowerShell from No Starch Press.

Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

DiffRays is a research-oriented tool for binary patch diffing, designed to aid in vulnerability research, exploit development, and reverse engineering.

This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.

Local SYSTEM auth trigger for relaying - X

A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container

Local SYSTEM auth trigger for relaying

Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…

Set of tools to analyze Windows sandboxes for exposed attack surface.

This repo contains PoCs for vulnerable Windows drivers.

365-Stealer is a phishing simualtion tool written in python3. It can be used to execute Illicit Consent Grant Attack.

DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely

Recovering NTLM hashes from Credential Guard

Convert an LDIF file to JSON files ingestible by BloodHound

MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.

ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade, convert, dissect and shuck authentication token based on Data Encryption Standard (DES).

PE loader with various shellcode injection techniques

Monitor linux processes without root permissions

This repository contain a CheatSheet for OSWP & WiFi Cracking.

Find and collect parts of a Keepass master key to recover it in plain text from a memory dump

A customizable and powerful penetration testing reporting platform for offensive security professionals. Simplify, customize, and automate your pentest reports with ease.

Adversary Emulation Framework

BloodyAD is an Active Directory Privilege Escalation Framework

Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)

Windows Active Directory enumeration tool for Linux

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

A Python based ingestor for BloodHound