Red team tools
Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles
Enumerate information from NTLM authentication enabled web endpoints 🔎
Azure Security Resources and Notes
A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
This project is an implant framework designed for long term persistent access to Windows machines.
A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
Real fucking shellcode encryptor & obfuscator tool
Creating a repository with all public Beacon Object Files (BoFs)
Fully Integrated Adversarial Operations Toolkit (C2, stagers, agents, ephemeral infrastructure, phishing engine, and automation)
ScareCrow - Payload creation framework designed around EDR bypass.
Nimbo-C2 is yet another (simple and lightweight) C2 framework
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
Extension functionality for the NightHawk operator client
C++ self-injecting dropper based on various EDR evasion techniques.
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
A beacon object file implementation of PoolParty Process Injection Technique.
An App Domain Manager Injection DLL PoC on steroids
Uses rpcdump to locate the ADCS server and identify whether ESC8 is vulnerable from an unauthenticated perspective.
Load and execute COFF files and Cobalt Strike BOFs in-memory
Patching "signtool.exe" to accept expired certificates for code-signing.