Stars
A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
Take automated actions against threats and vulnerabilities.
Sloc, Cloc and Code: scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go
Monitor osquery logs and use an LLM to provide concise, user-friendly summaries of new events directly in Discord.
A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations.
Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
Version 2 of the Graphical Realism Framework for Industrial Control Simulation (GRFICS)
RunasCs - Csharp and open version of Windows built-in runas.exe
Automagically reverse-engineer REST APIs via capturing traffic
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +70 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC,…
Sandbox approach for malware developers and red teamers to test payloads against detection mechanisms before deployment
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long-term operations.
A BloodHound collector for Microsoft Configuration Manager
PowerShell tools to help defenders hunt smarter, hunt harder.
Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise
A proof-of-concept Remote Desktop (RDP) session hijack utility
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
Python tool for converting files and office documents to Markdown.
M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.
The ldap2json script allows you to extract the whole LDAP content of a Windows domain into a JSON file.
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
Egressbuster is a method to check egress filtering and identify if ports are allowed. If they are, you can automatically spawn a shell.
Port of Cobalt Strike's Process Inject Kit
Complete list of LPE exploits for Windows (starting from 2023)