DEFCON 32 Badge Game

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

onedrive user enumeration - pentest tool to enumerate valid o365 users

SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.

Impacket is a collection of Python classes for working with network protocols.

C# Data Collector for BloodHound

A Python based ingestor for BloodHound

Lists who can read any gMSA password blobs and parses them if the current user has access.

Six Degrees of Domain Admin

Trying to tame the three-headed dog.

Tool for Active Directory Certificate Services enumeration and abuse

A little tool to play with Windows security

A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.

Windows NT x64 Syscall tables

Python version of the C# tool for "Shadow Credentials" attacks

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

A fork of AFL for fuzzing Windows binaries

RpcView is a free tool to explore and decompile Microsoft RPC interfaces

A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container

Windows NT x64 syscall fuzzer

Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.

DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).

PE obfuscator with Evasion in mind

.NET assembly loader with patchless AMSI and ETW bypass

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Loading Remote AES Encrypted PE in memory , Decrypted it and run it