Stars
Windows protocol library, including SMB and RPC implementations, among others.
Abuse trust-boundaries to bypass firewalls and network controls
Cobalt Strike BOF for evasive .NET assembly execution
A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom.
Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox
This is a novel technique that leverages the well-known Device Code phishing approach. It dynamically initiates the flow when the victim opens the phishing link and instantly redirects them to the …
Azure administrative tiering based on known attack paths
BOF for Kerberos abuse (an implementation of some important features of Rubeus).
A BloodHound collector for Microsoft Configuration Manager
Situational Awareness commands implemented using Beacon Object Files
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
Real-time face swap and one-click video deepfake with only a single image
A red team tool that assists in extracting/dumping master credentials and/or entries from different password managers.
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
Zipper, a CobaltStrike file and folder compression utility.
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
Print Spooler Named Pipe Impersonation for Cobalt Strike
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
Utility to download and extract document metadata from an organization. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.