An OSINT tool that helps detect members of a company with leaked credentials

Tamper Active Directory user attributes to collect their hashes with MS-SNTP

Payload development framework

USB Army Knife – the ultimate close access tool for penetration testers and red teamers.

Hardening Active Directory version 2

sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment

The resources for glibc Malloc heap exploitation course by Maxwell Dulin and Security Innovation.

MLOps Attack Toolkit

FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading

Awesome EDR Bypass Resources For Ethical Hacking

Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies

Situational Awareness script to identify how and where to run implants

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

Complete list of LPE exploits for Windows (starting from 2023)

Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…

C2 infrastructure that allows Red Teamers to execute system commands on compromised hosts through Microsoft Teams.

An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution

A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning.

.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

Configuration files for the SOF-ELK VM

EDR & Antivirus Bypass to Gain Shell Access

Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs

Publications from Trail of Bits

PoC for the Untrusted Pointer Dereference in the ks.sys driver

Bypass LSA protection using the BYODLL technique

A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities