Stars
kernel callback removal (Bypassing EDR Detections)
Beacon Object File (BOF) for dumping certificates (and, when possible, private keys) on Windows
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim opens the phishing link and instantly redirects them to the …
.NET assembly loader with patching AMSI and ETW bypass
An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
Password spraying using AWS Lambda for IP rotation
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of t…
Find potential DLL Sideloads on your Windows computer
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
A C# tool with more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
A delicious, but malicious SSL-VPN server 🌮
A Python port of @dafthack's MFAsweep with some added OPSEC functionality. MFAde can be used to find single-factor authentication failure points in Microsoft Services.
A collection of Azure AD/Entra tools for offensive and defensive security purposes
Self-deployable file hosting service for red teamers, allowing them to easily upload and share payloads over HTTP and WebDAV.
Collection of Beacon Object Files (BOF) for Cobalt Strike
Run EasyConnect and aTrust, the non-free VPN software developed by Sangfor, in docker or podman, acting as a gateway and/or providing socks5 and http proxy services
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading