maxDcb

Microsoft-Activation-Scripts

Open-source Windows and Office activator featuring HWID, Ohook, KMS38, and Online KMS activation methods, along with advanced troubleshooting.

gophish

Open-Source Phishing Toolkit

systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.

angr

A powerful and user-friendly binary analysis platform!

p0wny-shell

Single-file PHP shell

Coercer

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

inceptor

Template-Driven AV/EDR Evasion Framework

AlternativeShellcodeExec

Alternative Shellcode Execution Via Callbacks

QRLJacking

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

SysWhispers3

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

Stardust

A modern 64-bit position independent implant template

angr-management

The official angr GUI.

GadgetToJScript

A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.

github-rater

📊 Check your GitHub rating, view results and enhance your profile quality.

SilentMoonwalk

PoC Implementation of a fully dynamic call stack spoofer

moneta

Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs

DInvoke

Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.

DarkWidow

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing

BypassUAC

Use ICMLuaUtil to Bypass UAC!

UltimateWDACBypassList

A centralized resource for previously documented WDAC bypass techniques

Beacon_Source

not a reverse-engineered version of the Cobalt Strike Beacon

PythonMemoryModule

pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory

LoudSunRun

Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven

ETWInspector

AMSI_VEH

A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.

BOAZ_beta

Multilayered AV/EDR Evasion Framework

C2TeamServer

TeamServer and Client of Exploration Command and Control Framework

OpenShiftGrapher

OpenShift Pentesting Tool for enumerating and graphing clusters in Neo4j