Identifies the bytes that Microsoft Defender flags on.

Set of tools to analyze Windows sandboxes for exposed attack surface.

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Collection of Offensive C# Tooling

A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container

Kernel mode WinDbg extension and PoCs for token privilege investigation.

Excel Macro Document Reader/Writer for Red Teamers & Analysts

A .NET tool for exporting and importing certificates without touching disk.

C# 读取本机对外RDP连接记录和其他主机对该主机的连接记录，从而在内网渗透中获取更多可通内网网段信息以及定位运维管理人员主机

Tools and PoCs for Windows syscall investigation.

VMUnprotect.Dumper can dynamically untamper VMProtected Assembly.

Simple executable generator with encrypted shellcode.

.NET deobfuscator and unpacker.

Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI

通过分析类与成员间的关系来对抗Proguard混淆规则.Anti proguard through analysing classes and members' relationship

Quickly search for references to a GUID in DLLs, EXEs, and drivers