Stars
POC for CVE-2025-54918 and a technical demonstration.
A modified version of [mitm6](https://github.com/dirkjanm/mitm6) with Kerberos CNAME abuse capabilities to support Kerberos CNAME relay.
Python tool to automatically perform SPN-less RBCD attacks.
A Python tool to easily map the access rights of network shares into BloodHound OpenGraphs
A new tool to automatically exploit bad configurations in Active Directory using BloodHound JSON files
Neo-reGeorg is a project that seeks to aggressively refactor reGeorg
myADMonitor is an open-source Active Directory changes tracking tool
PoC to coerce authentication from Windows hosts using MS-WSP
A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
SharePoint WebPart Injection Exploit Tool
mkaring / ConfuserEx
Forked from yck1509/ConfuserEx
An open-source, free protector for .NET applications
A Python script to update /etc/hosts with IP addresses and hostnames found by netexec
A list of useful PowerShell scripts with 100% AV bypass (at the time of publication).
A collection of useful tools and scripts that were developed and gathered throughout Offensive Security's PEN-300 (OSEP) course.
PoC Exploit for the NTLM reflection SMB flaw.
Reflectively load any binary with Installutil LOLBAS
Everything from my OSEP study.
CIS Benchmark Converter is a Python script that extracts recommendations from CIS Benchmark PDF documents and exports them into CSV, Excel, or JSON formats. The script converts unstructured PDF con…
An even funnier way to disable Windows Defender (through the WSC API).
Interact with Microsoft SQL Server (MS SQL | MSSQL) servers and their linked instances in restricted environments, without the need for complex T-SQL queries.
Sliver CheatSheet for OSEP
xforcered / RemoteMonologue
Forked from 3lp4tr0n/RemoteMonologue
Weaponizing DCOM for NTLM Authentication Coercions
🧙‍♂️ Node.js Command & Control for Script-Jacking Vulnerable Electron Applications