Stars
tiny, portable SOCKS5 server with very moderate resource usage
Python implementation of GhostPack's Seatbelt situational awareness tool
Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
Nuitka is a Python compiler written in Python. It's fully compatible with Python 2.6, 2.7, 3.4-3.13. You feed it your Python app, it does a lot of clever things, and spits out an executable or exte…
Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
dump Chrome cookies remotely with atexec and CDP
winacl, a cross-platform Go library to work with ntSecurityDescriptor.
Nameless C2 - A C2 with all its components written in Rust
FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading
LSASS memory dumper using only NTAPIs, creating a minimal minidump, built in Rust with no_std and independent of the C runtime (CRT). It can be compiled as shellcode (PIC), supports XOR encryption,…
Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines
Bear C2 is a compilation of C2 scripts, payloads, and stagers used in simulated attacks by Russian APT groups. Bear features a variety of encryption methods, including AES, XOR, DES, TLS, RC4, RSA …
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features, with dual-build support
Scripts to enumerate and report on Entra Conditional Access
A Go implementation of Cobalt Strike style BOF/COFF loaders.
M365/Azure adversary simulation tool designed to simulate adversary techniques and generate attack telemetry.
A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.
HookChain: A new perspective for Bypassing EDR Solutions
Info on how to use Kerberos KDC on a non-domain joined host
A VSCode plugin to assist with BOF development.
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more.
.NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit is loading a malicious DLL using Task Scheduler (MMC) to bypa…
HTTP flyover tool based on the httpx library by ProjectDiscovery
Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
Certainly is an offensive security toolkit to capture large amounts of traffic in various network protocols in bitflip and typosquat scenarios.