Stars
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM-related assets in an Active Directory domain.
ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by identifying active user profiles on domain machines.
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
Weaponize DLL hijacking easily. Backdoor any function in any DLL.
Cybersecurity AI (CAI), the framework for AI Security
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
This repository is for active development of the Azure SDK for Go. For consumers of the SDK we recommend visiting our public developer docs at:
Network-wide ads & trackers blocking DNS server
A library for creating, reading and editing PE files and .NET modules.
Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
Course to get into Large Language Models (LLMs) with roadmaps and Colab notebooks.
Curated list of project-based tutorials
Tool for Active Directory Certificate Services enumeration and abuse
Source generator to add D/Invoke and indirect syscall methods to a C# project.
AV/EDR evasion via direct system calls.
A collection of C# shellcode injection techniques. All techniques use an AES encrypted meterpreter payload. I will be building this project up as I learn, discover or develop more techniques. Some …
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.
Creating a repository with all public Beacon Object Files (BoFs)
Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication