Evasion by machine code de-optimization.

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

"Golden" certificates

ProjectDiscovery's Open Source Tool Manager

Because AV evasion should be easy.

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

A fast, simple, recursive content discovery tool written in Rust.

WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement

markdown friendly page for my viewers

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

Retired TrustedSec Capabilities

SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation

HTTP 403 bypass tool

Wiki to collect Red Team infrastructure hardening resources

Automated .NET AppDomain hijack payload generation

A tool to abuse Exchange services

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…

A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

Shoggoth: Asmjit Based Polymorphic Encryptor

#1 Locally hosted web application that allows you to perform various operations on PDF files

Malware As A Service

DPAPI looting remotely and locally in Python

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.