Aims to identify sleeping beacons

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

Arcane - A secure remote desktop application for Windows with the particularity of having a server entirely written in PowerShell and a cross-platform client (Python/QT6).

ZSH integration for Impacket

This IDA plugin extends the functionality of the assembly and hex view. With this plugin, you can conveniently decode/decrypt/alter data directly from the IDA Pro interface.

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

GoodbyeDPI — Deep Packet Inspection circumvention utility (for Windows)

A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Aralez is a triage tool for Windows that automates the collection of system information, network/process data, and files from NTFS.

SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the process of constructing and utilizing structures, assigning varia…

The fast Rust-based web bundler with webpack-compatible API 🦀️

Opinionated Ubuntu Setup

PyInstaller Extractor Next Generation

🌀 Experience tranquillity while browsing the web without people tracking you!

Golang anti-vm framework for Red Team and Pentesters

You didn't think I'd go and leave the blue team out, right?

Adaptive DLL hijacking / dynamic export forwarding - EAT preserve

Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar

Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later!

Sysmon-Like research tool for ETW

Leak of any user's NetNTLM hash. Fixed in KB5040434

The fastest way to create an HTML app

View8 - Decompiles serialized V8 objects back into high-level readable code.

Generator of https://github.com/TheWover/donut in pure Go. supports compression, AMSI/WLDP/ETW bypass, etc.

User-friendly WebUI for AI (Formerly Ollama WebUI)

A web application that allows the users to check whether their SPF, DMARC and DKIM configuration is set up correctly.

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident resp…