wsummerhill

PortBender

TCP Port Redirection Utility

TelemetrySourcerer

Enumerate and disable common sources of telemetry used by AV/EDR.

NetExec

The Network Execution Tool

NativeDump

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)

PyRIT

The Python Risk Identification Tool for generative AI (PyRIT) is an open access automation framework to empower security professionals and machine learning engineers to proactively find risks in their generative AI systems.

ccmpwn

Misconfiguration-Manager

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

Evilginx2-Phishlets

Evilginx3 Phishlets version (0.2.3 & above) Only For Testing/Learning Purposes

magika

Detect file content types with deep learning

pywhisker

Python version of the C# tool for "Shadow Credentials" attacks

SharpADWS

Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).

flare-floss

FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.

SilkETW

ThreadlessInject-BOF

BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.

Shhhloader

Syscall Shellcode Loader (Work in Progress)

caOptics

CA Optics - Azure AD Conditional Access Gap Analyzer

Stardust

A modern 64-bit position independent implant template

PurpleOps

An open-source self-hosted purple team management web application.

PurpleLab

PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules, simulate logs, and undertake various security tasks, all accessible through a user-friendly web interface

MultiDump

MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.

Cobalt-Strike-Profiles-for-EDR-Evasion

Cobalt Strike Profiles for EDR Evasion

COM-Hunter

COM Hijacking VOODOO

CredMaster

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

CsWhispers

Source generator to add D/Invoke and indirect syscall methods to a C# project.

CursedChrome

Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.

GraphRunner

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

GraphStrike

Cobalt Strike HTTPS beaconing over Microsoft Graph API

MutationGate

Use hardware breakpoint to dynamically change SSN in run-time

PPLFaultDumpBOF

Evasive-Loader

Evasive loader to bypass static detection