Process injection alternative

Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit

myADMonitor is an open-source Active Directory changes tracking tool

🎃 PumpBin is an Implant Generation Platform.

FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).

Generic PE loader for fast prototyping evasion techniques

Defense Evasion Techniques Repository. This repository contains a collection of techniques designed to bypass Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) systems.

Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.

Evasion by machine code de-optimization.

Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)

Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package.

Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

Instrument any LLM to do actual stuff.

Example code samples from our ScriptBlock Smuggling Blog post

Section-based payload obfuscation technique for x64

Learn about a type of vulnerability that specifically targets machine learning models

LLM vulnerability scanner

MemoryModule which compatible with Win32 API and support exception handling

Collection of beacon BOF written to learn windows and cobaltstrike

Lateral Movement via the .NET Profiler

Slides & Code snippets for a workshop held @ x33fcon 2024

Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.

A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…

This tool, programmed in C#, allows for the fast discovery and exploitation of vulnerabilities in MSSQL servers

PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )

🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educati…

HVNC based on RustDesk

SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.