Profile: @med0x2e (location: 127.0.0.1, bio: "Yo.")

Stars
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
A little tool to play with the Seclogon service
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
All sysmon event types and their fields explained
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 20…
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditiona…
Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely
Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
A method of bypassing EDRs' active protection DLLs by preventing entry point execution
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
Defences against Cobalt Strike
An automated target reconnaissance pipeline.
Local privilege escalation PoC exploit for CVE-2019-16098
Cobalt Strike Aggressor extension for Visual Studio Code
Situational Awareness commands implemented using Beacon Object Files
SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…
Helper library for x86 programs that run under the WOW64 layer on x64 versions of Microsoft Windows operating systems.
Inline syscalls made easy for Windows on clang
holehe allows you to check if an email address is used on different sites like Twitter and Instagram, and will retrieve information from sites with a forgotten-password function.
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…