screetsec

DeepFaceLive

Real-time face swap for PC streaming or video calls

chatgpt-mac

ChatGPT for Mac, living in your menubar.

osmedeus

A Workflow Engine for Offensive Security

NetExec

The Network Execution Tool

BypassAV

This map lists the essential techniques to bypass anti-virus and EDR

dismap

Asset discovery and identification tools 快速识别 Web 指纹信息，定位资产类型。辅助红队快速定位目标资产信息，辅助蓝队发现疑似脆弱点

is-website-vulnerable

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries

taowu-cobalt_strike

PrintSpoofer

Abusing impersonation privileges through the "Printer Bug"

CS-Situational-Awareness-BOF

Situational Awareness commands implemented using Beacon Object Files

ThePhish

ThePhish: an automated phishing email analysis tool

BestEdrOfTheMarket

Little user-mode AV/EDR evasion lab for training & learning purposes

PowerHub

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

emux

EMUX Firmware Emulation Framework (formerly ARMX)

SharpMapExec

h2csmuggler

HTTP Request Smuggling over HTTP/2 Cleartext (h2c)

HijackLibs

Project for tracking publicly disclosed DLL Hijacking opportunities.

Dirty-Vanity

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417

nacs

事件驱动的渗透测试扫描器 Event-driven pentest scanner

viewgen

Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys

rootkit-rs

Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)

shennina

Automating Host Exploitation with AI

windows-coerced-authentication-methods

A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.

exploit-writing-for-oswe

Tips on how to write exploit scripts (faster!)

SharpC2

Command and Control Framework written in C#

APT06202001

Applied Purple Teaming - (ITOCI4hr) - Infrastructure, Threat Optics, and Continuous Improvement - June 6, 2020

RedTeamOps-Havoc-101

Materials for the workshop "Red Team Ops: Havoc 101"

swurg

Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).

mkpath

Make URL path combinations using a wordlist

manage2decrypt

ManageEngine OpManager Decryption Tools