Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.

Windows Privilege Escalation Techniques and Scripts

A memory scanning evasion technique

Introductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the white paper Certified Pre-Owned.

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

SharpUp is a C# port of various PowerUp functionality.

Dump the memory of a PPL with a userland exploit

Some useful scripts for CobaltStrike

JAWS - Just Another Windows (Enum) Script

Tool to audit and attack LAPS environments

Just another Powerview alternative

Another Windows Local Privilege Escalation from Service Account to System

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…

Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process

SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket

Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll

Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode

HTB Certified Penetration Testing Specialist CPTS Study

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

shellcode免杀加载器，过主流杀软

KQL Queries. Microsoft Defender, Microsoft Sentinel

C# implementation of harmj0y's PowerView

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

PowerShell Constrained Language Mode Bypass

Xshell全版本密码恢复工具

Killer tool is designed to bypass AV/EDR security tools using various evasive techniques.

Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution

寻找可利用的白文件