r3b3llion's starred repositories

codasm

Payload encoding utility to effectively lower payload entropy.

Language: Python | License: MIT | Stargazers: 19 | Issues: 0
Language: Python | Stargazers: 107 | Issues: 0

frameless-bitb

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft and the use with Evilginx.

Language: CSS | License: BSD-3-Clause | Stargazers: 323 | Issues: 0
Language: Python | License: Apache-2.0 | Stargazers: 168 | Issues: 0

CredMaster

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

Language: Python | Stargazers: 914 | Issues: 0

PE-Obfuscator

PE obfuscator with Evasion in mind

Language: C | Stargazers: 208 | Issues: 0

FilelessPELoader

Loads a remote AES-encrypted PE into memory, decrypts it and runs it.

Language: C++ | License: MIT | Stargazers: 845 | Issues: 0

frida-interception-and-unpinning

Frida scripts to directly MitM all HTTPS traffic from a target mobile application

Language: JavaScript | License: AGPL-3.0 | Stargazers: 949 | Issues: 0

no-defender

A slightly more fun way to disable Windows Defender + firewall (through the WSC API).

License: GPL-3.0 | Stargazers: 1820 | Issues: 0

NativeDump

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)

Language: C# | Stargazers: 344 | Issues: 0

Nimperiments

Various one-off pentesting projects written in Nim. Updates happen on a whim.

Language: Nim | Stargazers: 142 | Issues: 0
Language: PowerShell | Stargazers: 646 | Issues: 0

Artillery

CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.

Language: C | Stargazers: 171 | Issues: 0

PoolParty

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

Language: C++ | License: BSD-3-Clause | Stargazers: 875 | Issues: 0

Spartacus

Spartacus DLL/COM Hijacking Toolkit

Language: C# | License: MIT | Stargazers: 966 | Issues: 0

FullBypass

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.

Language: C# | License: GPL-3.0 | Stargazers: 615 | Issues: 0

InflativeLoading

Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.

Language: Python | Stargazers: 254 | Issues: 0

EternelSuspention

A simple PoC showcasing the ability of an admin to suspend an EDR's protected processes, making it useless.

Language: C# | Stargazers: 38 | Issues: 0

SOAPHound

SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

Language: C# | License: GPL-3.0 | Stargazers: 598 | Issues: 0

BobTheSmuggler

"Bob the Smuggler": A tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into 7z/zip file format, then XOR-encrypts the archive and hides it inside the PNG/GIF image file format (Image Polyglots).

Language: Python | License: MIT | Stargazers: 473 | Issues: 0

Moriarty

Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.

Language: C# | License: GPL-3.0 | Stargazers: 459 | Issues: 0

GTFONow

Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.

Language: Python | License: MIT | Stargazers: 528 | Issues: 0

Stinger

CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.

Language: C++ | Stargazers: 274 | Issues: 0

Marble

The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.

Language: C++ | Stargazers: 277 | Issues: 0

Nidhogg

Nidhogg is an all-in-one, simple-to-use rootkit.

Language: C++ | License: GPL-3.0 | Stargazers: 1668 | Issues: 0

EDRSilencer

A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Language: C | License: MIT | Stargazers: 975 | Issues: 0

sj

A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.

Language: Go | License: MIT | Stargazers: 346 | Issues: 0

WolfPack

WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.

Language: HCL | License: Apache-2.0 | Stargazers: 115 | Issues: 0

exfiltrate

Exfiltration/infiltration toolkit

Language: C | Stargazers: 41 | Issues: 0
Language: Python | Stargazers: 53 | Issues: 0