Stars
This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim opens the phishing link and instantly redirects them to the …
Proof-of-concept obfuscation toolkit for C# post-exploitation tools
Robust Cobalt Strike shellcode loader with multiple advanced evasion features
Caddy v2 module to filter requests based on C2 profiles
Research into Undocumented Behavior of Azure AD Refresh Tokens
🚀 The fast, Pythonic way to build MCP servers and clients
A connector for Claude Desktop to read and search an Obsidian vault.
A Model Context Protocol (MCP) server for querying the VirusTotal API.
MCP server for querying the Shodan API
🌍 Terraform Model Context Protocol (MCP) Tool - An experimental CLI tool that enables AI assistants to manage and operate Terraform environments. Supports reading Terraform configurations, analyzin…
Cobalt Strike BOF for evasive .NET assembly execution
A Python script that automates a C2 Profile build
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading
Never ever ever use pixelation as a redaction technique
Terms of Use Conditional Access M365 Evilginx Phishlet
A curated list of awesome resources related to enhancing your enterprise Email Security
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Quick Python utility I wrote to turn HTTP requests from Burp Suite into Cobalt Strike Malleable C2 profiles
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options