Lists (32)
AI
APT stuff
azure
Blue
C2
C2 infrastructure
Cloud security
EDR-evasion
Elevation
emulation
exploit
🔮 Future ideas
initial access
Injections
kernel
languages
Lateral movement
Linux offensive
maldev
persistence
personal
pillaging
privesc
privilege escalation
reconnaissance
Red team tools
reverse engineering
rootkit
SCCM
sideloading
web tools
wininternals
Stars
Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows.
Weaponizing DCOM for NTLM Authentication Coercions
Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
Impersonate Tokens using only NTAPI functions
🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications
Convolutional neural network for analyzing pentest screenshots
Cobalt Strike BOF for evasive .NET assembly execution
This repository is a compilation of all APT simulations that target many vital sectors, both private and governmental. The simulation includes written tools, C2 servers, backdoors, exploitation tech…
Shellcode loader that executes embedded Lua from Rust.
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases…
A PowerShell console in C/C++ with all the security features disabled
A tool that shows detailed information about named pipes in Windows
Parser and reconciliation tooling for large Active Directory environments.
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
File Parser optimised for LLM Ingestion with no loss 🧠 Parse PDFs, Docx, PPTx in a format that is ideal for LLMs.
A fork of the great TokenTactics with support for CAE and token endpoint v2
A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable with a simple HTML GUI.
.NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS
Reaping treasures from strings in remote processes memory