Stars
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
Cross Platform File Dialog for Dear-ImGui
d3d12 hook with imgui, directx12 hook, dx12 hook, d3d12 api hook
SharpUp is a C# port of various PowerUp functionality.
Loads any C# binary in mem, patching AMSI + ETW.
Custom Query list for the Bloodhound GUI based off my cheatsheet
PoC Implementation of a fully dynamic call stack spoofer
Also known by Microsoft as Knifecoat 🌶️
A collection of awesome dear imgui bindings, extensions and resources
Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
This program is designed to demonstrate various process injection techniques
A method of bypassing EDR's active projection DLLs by preventing entry point execution
SafetyKatz is a combination of a slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader
PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.
Utility to enumerate users, groups and computers from a Windows domain through LDAP queries
Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
Partial Python implementation of SharpGPOAbuse
Kill anti-malware protected processes (BYOVD) (Microsoft Won)
Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
Kerberos unconstrained delegation abuse toolkit
Tool to bypass LSA Protection (aka Protected Process Light)
Active Directory Integrated DNS dumping by any authenticated user