Red team tools
Canary Hunter aims to be a quick PowerShell script to check for Common Canaries in various formats generated for free on canarytokens.org
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
A standalone DLL that exports databases in cleartext once injected in the KeePass process.
Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
A tiny reverse SOCKS5 proxy written in C :V
Used to copy a file from an NTFS-partitioned volume by reading the raw volume and parsing the NTFS structures.
NTFS parsing library in C#. Allows one to parse and read NTFS structures on disk.
Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…
DLLirant is a tool to automate DLL hijacking research on a specified binary.
Evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
[Deprecated, work in progress alternative: https://github.com/M2Team/NanaRun] Series of System Administration Tools
Obfuscate specific Windows APIs with different APIs
A Python script that embeds a target VBS into an LNK and, when executed, runs the VBS script from within.
Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).
A BOF to determine Windows Defender exclusions.
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Infect Shared Files In Memory for Lateral Movement
OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
An open-source process injection enumeration tool written in C#
Malicious shortcut generator for collecting NTLM hashes from insecure file shares.