Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs

AV/EDR Lab environment setup references to help in Malware development

game of active directory

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.

Active Directory and Internal Pentest Cheatsheets

Dump NTDS with golden certificates and UnPAC the hash

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.

Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

Pre-Built Vulnerable Environments Based on Docker-Compose

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

Situational Awareness commands implemented using Beacon Object Files

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).

Windows Templates for Packer: Windows 11, Windows 10, Windows Server 2022, 2019, 2016, also with Docker

Lord Of Active Directory - automatic vulnerable active directory on AWS

BloodyAD is an Active Directory Privilege Escalation Framework

A python tool to automate KeePass discovery and secret extraction.

A next-generation crawling and spidering framework.

In-depth ldap enumeration utility

Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory

A Vagrantfile and Ansible playbook that can be used to setup test environment with an Exchange server host

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

DPAPI looting remotely and locally in Python