Stars
Microsoft Entra ID (Azure AD) Unauthenticated Enumeration
Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!
Burp Plugin to Bypass WAFs through the insertion of Junk Data
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.
Amplify network visibility from multiple POV of other hosts
RpcView is a free tool to explore and decompile Microsoft RPC interfaces
Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls.
Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…
Fully asynchronous SMB library written in pure Python
sploutchy / impacket
Forked from fortra/impacket
Impacket is a collection of Python classes for working with network protocols.
A Python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
Some Code Samples for Windows-based Inter-Process-Communication (IPC)
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases…
Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
Homemade Pwnbox 🚀 / Rogue AP 📡 based on Raspberry Pi — WiFi Hacking Cheatsheets + MindMap 💡
Total Registry - enhanced Registry editor/viewer
Complete list of LPE exploits for Windows (starting from 2023)