- Montreal, Canada
- https://davidlebr1.gitbook.io
- @davidlebr1
Stars
PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads
Example code showing how to use a custom DLL in a DLL hijack of Narrator.exe as a persistence mechanism
Redirect any Windows TCP and UDP traffic to HTTP/Socks5 proxy
Templates for developing your own listeners and agents for AdaptixC2.
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it wi…
A script that helps you understand why your E-Mail ended up in Spam
This is the tool to dump the LSASS process on modern Windows 11
KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch/skci.dll hijack) and PP/PPL manipulation for LSASS memory dumping on modern Windows with HVCI/VBS.
Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supported)! ☢️
Dump processes over WMI with MSFT_MTProcess
A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines
BOF to steal browser cookies & credentials
Windows Remote Administration Tool that uses Discord, Telegram and GitHub as C2s
psexecsvc - a python implementation of PSExec's native service implementation
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
Chrome browser extension-based Command & Control
A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
A centralized resource for previously documented WDAC bypass techniques
Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely