Parser for Windows PowerShell script block logs

PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs code dynamic analysis, extracting malware hosting URLs and …

Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit

Microsoft Defender for Endpoint Proxy (Device Timeline, ...)

A simple mitmproxy blueprint to intercept HTTPS traffic from app running on Kubernetes

Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

Read Chromium data (namely, cookies and local storage) straight from disk, without spinning up the browser.

crtdumper is a Go application designed to interact directly with Certificate Transparency (CT) logs servers and extract domain names from certificates. Perfect for security researchers and develope…

Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles

Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps C…

Evilginx Phishing Engagement Infrastructure Setup Guide

The Network Execution Tool

SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data with optional output modules, such as MISP.

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

Dump cookies and credentials directly from Chrome/Edge process memory

A centralized and enhanced memory analysis platform

Lightweight LLM Interaction Framework

Automated .NET AppDomain hijack payload generation

Tools for interacting with authentication packages using their individual message protocols

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

A tool collection for filtering and visualizing logon events. Designed to help answering the "Cotton Eye Joe" question (Where did you come from where did you go) in Security Incidents and Threat Hunts

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

A commandline tool which takes as input a .har (HTTP Archive) file and dumps a human-readable summary of it to the console

Add a layer of active defense to your cloud applications.

An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications