ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

Web recreation of the PMD EoS personality test

BOF to steal browser cookies & credentials

The different ways to dump lsass

Exchange your privileges for Domain Admin privs by abusing Exchange

cloudflare socks5 server

Exchangelib wrapper for pentesting

A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.

Enhance Your Active Directory Password Spraying with User Intelligence.

Fast context enumeration for newly obtained Active Directory credentials.

ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

Neo4LDAP is a query and visualization tool focused on Active Directory environments. It combines LDAP syntax with graph-based data analysis in Neo4j, offering an alternative approach to tools like …

🗃 Open source self-hosted web archiving. Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves HTML, JS, PDFs, media, and more...

Multiplatform reliable implant with failover protocols

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

A small C/C++ library to lookup Windows error codes.

Just a little k8s lab in Hyper-V for Red Team or Pentesting practise

✍️ A curated list of CVE PoCs.

Recover the default privilege set of a LOCAL/NETWORK SERVICE account

Impacket is a collection of Python classes for working with network protocols.

LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.

The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin

A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host

EDR Lab for Experimentation Purposes

An open source swiss army knife for arbitrary communication over application protocols

pysnaffler

AD ACL abuse

OneWordlistToListThemAll is a huge mix of password wordlists, proven to be pretty useful to provide some quick hits when cracking several hashes