List of advanced XSS payloads

Run PowerShell command without invoking powershell.exe

DNS-Persist is a post-exploitation agent which uses DNS for command and control.

A secure*, asynchronous (same-machine) message platform

Load shellcode into a new process, optionally under a false name.

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

A Control Panel Applet dropper project. It has a high success rate on engagements since nobody cares about .CPL files and you can just double click them.

Small and highly portable detection tests based on MITRE's ATT&CK.

👨‍💻🕵🏻👩‍💻 Analyze user behavior against fake access points📡

This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allows Red Team member to extract juicy information such as LAPS passwords or any sensitive information on the screen. Blue Team member can reconstruct PNG files to see what an attacker did on a compromised host. It is extremely u…

Helicopter periodically checks VirusTotal for the hashes of the payloads on a payload server

One day people will learn that unquoted service paths are a problem. It would be a shame if binaries were forced into those spaces.

Small Script For Arduino Leonardo To Make Human Interface Device Attacks

IOS/MAC Denial-Of-Service [POC/EXPLOIT FOR MASSIVE ATTACK TO IOS/MAC IN NETWORK]

Powershell script for automating Windows persistence using different techniques

Curated list of Unix binaries that can be exploited to bypass system security restrictions

The Book "Generating Software Tests"

Wireless USB Rubber Ducky triggered via BLE (make your Ubertooth quack!)

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

DEPRECATED: SSH Proxy Server for Red Team