JerzyRybak

InvisibilityCloak

Proof-of-concept obfuscation toolkit for C# post-exploitation tools

adversary_emulation_library

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

EDRSandblast

AtomPePacker

A Highly capable Pe Packer

RT-Tricks

StandIn

StandIn is a small .NET35/45 AD post-exploitation toolkit

BadBlood

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

Empire

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

SharPersist

KrbRelayUp

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

ProtectMyTooling

Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it with your implant, it does a lot of sneaky things and spits out obfuscated executable.

evil-mhyprot-cli

A PoC for Mhyprot2.sys vulnerable driver that allowing read/write memory in kernel/user via unprivileged user process.

Mhyprot2DrvControl

A lib that allows using mhyprot2 driver for enum process modules, r/w process memory and kill process.

RedWarden

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

EDRs

impacket

Impacket is a collection of Python classes for working with network protocols.

malleable-c2

Cobalt Strike Malleable C2 Design and Reference Guide

noPac

CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.

Rubeus

Trying to tame the three-headed dog.

cloudOneOnAWS

HealthCheckCore

This is a tool that will check your Deep Security for common configuration errors, it generates reports to help to fix these issues.

bart-ddi

moadsd-ng

The MOADSD-NG project does provide a simple way to setup a hybrid cloud security demo, playground and learning environment within the clouds.

SecureCodingDojo

The Secure Coding Dojo is a platform for delivering secure coding knowledge.