Bypassing EDR's with stealthy c++ telegram Bot and Telegram itself as C2 interface !

psexecsvc - a python implementation of PSExec's native service implementation

Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.

abusing windows toast notifications for fun and user manipulation

A stealthier approach to WMI-based command execution using Impacket without touching the disk.

Siege is an http load tester and benchmarking utility

Bof of RegPwn by MDSec

KslDump — Why bring your own knife when Defender already left one in the kitchen?

Extract Windows credentials directly from VM memory snapshots and virtual disks

Monitor the Windows Event Log with grep-like features or filtering for specific Event IDs

Active Directory information dumper via ADWS for evasion purposes.

Organizational asset discovery tool with 20+ plugins covering certificate transparency, passive DNS, and all 5 Regional Internet Registries.

Bring your own Unwind Data Framework

A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal.

Phantom is project created to perform loading and executing .NET assemblies directly in memory within an IIS environment running in full‑trust mode. Instead of relying on file‑based approach, it us…

Lnk crafting and research tools

C2-agnostic BOF collection, categorized by attack chain phase. Designed to be small and modular, allowing for quick execution and automation.

Printer exploitation framework for penetration testing. Discovers printers via PJL scanning, checks for default credentials, and extracts stored credentials through pass-back attacks and protocol-l…

Proof-of-Concept tool to dump trusted domain objects

Tools to bypass flawed SELinux policies using the init_module system call

Kerberos CNAME abuse PoC

A BloodHound OpenGraph collector that models Windows local privilege escalation as interconnected attack paths.

The Azure Execution Tool

OBLITERATE THE CHAINS THAT BIND YOU

A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.

ASPX Web Shell with COFF Loader

Notion C2 Profile for Mythic

Automated DLL Hijacking Discovery, Validation, and Confirmation. Turning local misconfigurations into weaponized, confirmed attack paths.

PoC exploit for the vulnerable (eb.sys or UnknownKiller.sys) – weaponized to kill protected EDR/AV processes via BYOVD.