Stars
A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels.
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
cyberark / kubesploit
Forked from Ne0nd0g/merlin. Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
📚 Freely available programming books
Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
A Bypass Anti-virus Software Lateral Movement Command Execution Tool
This repo contains samples that demonstrate the API used in Windows classic desktop applications.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others),…
RockYou2021.txt is a MASSIVE WORDLIST compiled of various other wordlists. RockYou2021.txt DOES NOT CONTAIN USER:PASS logins!
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
A denial-of-service proof-of-concept for CVE-2020-1350
Great explanation of Process Hollowing (a Technique often used in Malware)
Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.
Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
CONVEX is a group of CTFs that are independently deployable into participant Azure environments.
Collection of VBA macros published in our twitter / blog
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
A proof of concept on attack vectors against Active Directory by abusing Active Directory Certificate Services (ADCS)
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
My implementation of enSilo's Process Doppelganging (PE injection technique)
SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.
A better version of Xencrypt. Xencrypt itself is a PowerShell runtime crypter designed to evade AVs.