RythmStick

AMSITrigger

The Hunt for Malicious Strings

ProxyPunch

Finding SSL Blindspots for Red Teams

CVE-2019-1064

CVE-2019-1064 Local Privilege Escalation Vulnerability

MailSniper

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

GetCompliant

Extracts passwords from file that match specified complexity

G_CiOptions-offsets

g_CiOptions offset from CiInitialize

Misc

CovenantC2Deploy

Farmer

Ger

Perfusion

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

rythmstick.github.io

Sharp-Suite

My musings with C#

SharpUp

SharpUp is a C# port of various PowerUp functionality.

SMBGhost_RCE_PoC

CobaltStrike

CobaltStrike's source code

CVE-2018-19320

Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)

CVE-2019-0841

PoC code for CVE-2019-0841 Privilege Escalation vulnerability

CVE-2021-31166

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

libesedb

Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.

Lsass-Shtinkering

psm

RemotePotato0

Just another "Won't Fix" Windows Privilege Escalation from User to Domain Admin.

Spray

statistically-likely-usernames

Wordlists for creating statistically likely username lists for use in password attacks and security testing