Ceri Coburn's repositories

SweetPotato

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

SharpBlock

A method of bypassing EDR's active projection DLLs by preventing entry point execution

BeaconEye

Hunts out CobaltStrike beacons and logs operator command output

ThreadlessInject

Threadless Process Injection using remote function hooking.

Language: C# | License: MIT | Stargazers: 792 | Issues: 11 | Issues: 0

BOF.NET

A .NET Runtime for Cobalt Strike's Beacon Object Files

lsarelayx

NTLM relaying for Windows made easy

okta-terrify

Okta Verify and Okta FastPass Abuse Tool

DRSAT

Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines

Language: C# | License: Apache-2.0 | Stargazers: 264 | Issues: 3 | Issues: 0

MinHook.NET

A C# port of the MinHook API hooking library

Language: C# | License: BSD-3-Clause | Stargazers: 220 | Issues: 6 | Issues: 2

gssapi-abuse

A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks

Language: Python | Stargazers: 175 | Issues: 2 | Issues: 0
Language: C# | License: BSD-3-Clause | Stargazers: 162 | Issues: 3 | Issues: 0

dnMerge

A lightweight .NET assembly dependency merger that uses dnLib and 7zip's LZMA SDK for compressing dependent assemblies.

bittrex4j

Java library for accessing the Bittrex Web APIs and Web Sockets

Language: Java | License: LGPL-3.0 | Stargazers: 32 | Issues: 12 | Issues: 46

SQL-BOF

Library of BOFs to interact with SQL servers

Language: C | License: GPL-2.0 | Stargazers: 15 | Issues: 0 | Issues: 0

chlonium

Chromium Cookie import / export tool

Language: C# | Stargazers: 10 | Issues: 0 | Issues: 0

Rubeus

Trying to tame the three-headed dog.

Language: C# | License: NOASSERTION | Stargazers: 9 | Issues: 1 | Issues: 0

InlineExecute-Assembly

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork and run execute-assembly module

Language: C | Stargazers: 4 | Issues: 1 | Issues: 0

sandbox-attacksurface-analysis-tools

Set of tools to analyze Windows sandboxes for exposed attack surface.

Language: C# | License: Apache-2.0 | Stargazers: 3 | Issues: 1 | Issues: 0

nodebb-plugin-onesignal

Allows NodeBB to interface with the OneSignal service in order to provide push notifications via OneSignal, originally forked from nodebb-plugin-pushbullet

Language: JavaScript | License: MIT | Stargazers: 2 | Issues: 3 | Issues: 0

Certify

Active Directory certificate abuse.

Language: C# | License: NOASSERTION | Stargazers: 1 | Issues: 1 | Issues: 0

impacket

Impacket is a collection of Python classes for working with network protocols.

Language: Python | License: NOASSERTION | Stargazers: 1 | Issues: 2 | Issues: 0

AceLdr

Cobalt Strike UDRL for memory scanner evasion.

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

chisel

A fast TCP/UDP tunnel over HTTP

Language: Go | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

SharpHoundCommon

Common library used by SharpHound.

Language: C# | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

socks5

SOCKS5 server in Golang

Language: Go | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

SSH.NET

SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.

Language: C# | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

titanldr-ng

A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.

Language: C | Stargazers: 0 | Issues: 0 | Issues: 0