healtheedom

MalwareSourceCode

Collection of malware source code for a variety of platforms in an array of different programming languages.

recon-ng

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

POC

收集整理漏洞EXP/POC,大部分漏洞来源网络，目前收集整理了1100多个poc/exp，长期更新。

Loki

Loki - Simple IOC and YARA Scanner

RustRedOps

🦀 | RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust

Zygisk-Assistant

A Zygisk module to hide root for KernelSU, Magisk and APatch, designed to work on Android 5.0 and above.

MANSPIDER

Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!

pretender

Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.

CobaltStrikeScan

Scan files or process memory for CobaltStrike beacons and parse their configuration

SilkETW

LazySign

Create fake certs for binaries using windows binaries and the power of bat files

RemoteKrbRelay

Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

siofra

EtwExplorer

View ETW Provider manifest

dploot

DPAPI looting remotely and locally in Python

Evilginx-Phishing-Infra-Setup

Evilginx Phishing Engagement Infrastructure Setup Guide

Packer_Development

Slides & Code snippets for a workshop held @ x33fcon 2024

SigmaPotato

SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.

SharpAdidnsdump

c# implementation of Active Directory Integrated DNS dumping (authenticated user)

SQL-BOF

Library of BOFs to interact with SQL servers

AMSI_VEH

A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.

edr_blocker

Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.

ASRepCatcher

Make everyone in your VLAN ASRep roastable

SharpIncrease

A Tool that aims to evade av with binary padding

ADcheck

Assess the security of your Active Directory with few or all privileges.

CheckCert

Obtain and parse SSL certificates

Lifetime-Amsi-EtwPatch

Two in one, patch lifetime powershell console, no more etw and amsi!

DefenderCheck

Identifies the bytes that Microsoft Defender flags on.

profiler-lateral-movement

Lateral Movement via the .NET Profiler

VectoredExceptionHandling