Stars
blackmassgroup / minegrief
Forked from chebuya/minegrief
Self-spreading Java malware targeting Minecraft servers. Infected servers are capable of scanning for other vulnerable servers, encrypting Minecraft worlds, and phishing players who connect.
TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of t…
C implementation of the SSN resolution algorithm used in FreshyCalls
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
cyberark / kubesploit
Forked from Ne0nd0g/merlin
Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
SharpExShell automates the DCOM lateral movement technique which abuses the ActivateMicrosoftApp method of the Excel application.
A C# tool with more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations
Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
ZigStrike, a powerful Payload Delivery Pipeline developed in Zig, offering a variety of injection techniques and anti-sandbox features.
Scan for misconfigured S3 buckets across S3-compatible APIs!
⚡️⚡️⚡️Self-hosted collaborative bookmark manager to collect, organize, and preserve webpages, articles, and documents.
PAM module. If bad guys force you to unlock, you can use this module to run some command before unlocking using "secret" credits.
Searches recursively for folders where the current user has permissions
Python3 rewrite of AsOutsider features of AADInternals
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuo…
Six Degrees of Domain Admin
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡
A red team tool that assists in extracting/dumping master credentials and/or entries from different password managers.