Ceri Coburn's repositories

SweetPotato

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

SharpBlock

A method of bypassing EDR's active projection DLLs by preventing entry point execution

BeaconEye

Hunts out CobaltStrike beacons and logs operator command output

ThreadlessInject

Threadless Process Injection using remote function hooking.

Language: C# | License: MIT | Stargazers: 674 | Issues: 8 | Issues: 0

BOF.NET

A .NET Runtime for Cobalt Strike's Beacon Object Files

lsarelayx

NTLM relaying for Windows made easy

MirrorDump

Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory

okta-terrify

Okta Verify and Okta FastPass Abuse Tool

MinHook.NET

A C# port of the MinHook API hooking library

Language: C# | License: BSD-3-Clause | Stargazers: 195 | Issues: 5 | Issues: 2

gssapi-abuse

A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks

Language: Python | Stargazers: 128 | Issues: 2 | Issues: 0

dnMerge

A lightweight .NET assembly dependency merger that uses dnLib and 7zip's LZMA SDK for compressing dependent assemblies.

PinSwipe

Smart Card PIN swiping DLL

Language: C | Stargazers: 71 | Issues: 3 | Issues: 0

bittrex4j

Java library for accessing the Bittrex Web APIs and Web Sockets

Language: Java | License: LGPL-3.0 | Stargazers: 31 | Issues: 13 | Issues: 46

Rubeus

Trying to tame the three-headed dog.

Language: C# | License: NOASSERTION | Stargazers: 8 | Issues: 2 | Issues: 0

InlineExecute-Assembly

InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditional fork and run execute-assembly module

Language: C | Stargazers: 4 | Issues: 1 | Issues: 0

nmap

Nmap - the Network Mapper. GitHub mirror of official SVN repository.

Language: Lua | License: NOASSERTION | Stargazers: 3 | Issues: 2 | Issues: 0

nodebb-plugin-onesignal

Allows NodeBB to interface with the OneSignal service in order to provide push notifications via OneSignal, originally forked from nodebb-plugin-pushbullet

Language: JavaScript | License: MIT | Stargazers: 2 | Issues: 4 | Issues: 0

Certify

Active Directory certificate abuse.

Language: C# | License: NOASSERTION | Stargazers: 1 | Issues: 1 | Issues: 0

impacket

Impacket is a collection of Python classes for working with network protocols.

Language: Python | License: NOASSERTION | Stargazers: 1 | Issues: 2 | Issues: 0

sandbox-attacksurface-analysis-tools

Set of tools to analyze Windows sandboxes for exposed attack surface.

Language: C# | License: Apache-2.0 | Stargazers: 1 | Issues: 1 | Issues: 0

AceLdr

Cobalt Strike UDRL for memory scanner evasion.

Language: C | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

bndutil

Provides blocknode-specific convenience functions and types

Language: Go | License: ISC | Stargazers: 0 | Issues: 3 | Issues: 0

chisel

A fast TCP/UDP tunnel over HTTP

Language: Go | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

SharpHoundCommon

Common library used by SharpHound.

Language: C# | License: GPL-3.0 | Stargazers: 0 | Issues: 1 | Issues: 0

socks5

SOCKS5 server in Golang

Language: Go | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0

SSH.NET

SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.

Language: C# | License: MIT | Stargazers: 0 | Issues: 1 | Issues: 0