bohops's repositories

UltimateWDACBypassList

A centralized resource for previously documented WDAC bypass techniques

SharpRDPHijack

A POC Remote Desktop (RDP) session hijack utility for disconnected sessions

Language: C# | License: BSD-3-Clause | Stargazers: 410 | Issues: 15 | Issues: 0

GhostBuild

GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects

Language: Python | License: BSD-3-Clause | Stargazers: 244 | Issues: 14 | Issues: 0

WSMan-WinRM

A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object

Language: C++ | License: BSD-3-Clause | Stargazers: 216 | Issues: 10 | Issues: 0

DynamicDotNet

A collection of various and sundry code snippets that leverage .NET dynamic tradecraft

Language: C# | License: GPL-3.0 | Stargazers: 133 | Issues: 1 | Issues: 0

RogueAssemblyHunter

Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.

Language: C# | License: MIT | Stargazers: 113 | Issues: 4 | Issues: 2

paSSH

A simple Python SSH server that reveals passwords of connecting clients

Language: Python | License: LGPL-2.1 | Stargazers: 31 | Issues: 3 | Issues: 1

pyrevtun

A pure Python reverse tunnel/reverse port forward utility (prototype) to forward TCP protocols over SSL/TLS.

Language: Python | License: MIT | Stargazers: 25 | Issues: 4 | Issues: 2

IISAppPoolCreds

Retrieve the IIS Application Pool Credentials. Relies on the WebAdministration PowerShell Module.

Language: PowerShell | Stargazers: 14 | Issues: 2 | Issues: 0

PRUA

PASSWORD RE-USE AUDITOR

Language: Python | Stargazers: 8 | Issues: 2 | Issues: 0

Random

Assorted scripts and one-off things

Language: PowerShell | License: BSD-3-Clause | Stargazers: 3 | Issues: 2 | Issues: 0

LOLBAS

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Language: XSLT | License: GPL-3.0 | Stargazers: 1 | Issues: 0 | Issues: 0

YaraTools

Over 100K open-source YARA signatures evaluated against over 280K files to give insights into the performance of each YARA rule.

Language: PowerShell | License: GPL-3.0 | Stargazers: 1 | Issues: 0 | Issues: 0

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

Language: C | License: MIT | Stargazers: 0 | Issues: 0 | Issues: 0

CVE-2021-40444-Sample

CVE-2021-40444 Sample

Language: HTML | Stargazers: 0 | Issues: 1 | Issues: 0

sigma

Main Sigma Rule Repository

Language: Python | License: NOASSERTION | Stargazers: 0 | Issues: 0 | Issues: 0

windows-itpro-docs

This is used for contributions to the Windows 10 content for IT professionals on docs.microsoft.com.

Language: PowerShell | License: CC-BY-4.0 | Stargazers: 0 | Issues: 0 | Issues: 0