Stars
Extract Windows credentials directly from VM memory snapshots and virtual disks
Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload execution.
Abusing Windows toast notifications for fun and user manipulation
A Python based ingestor for BloodHound
Diaphora, the most advanced Free and Open Source program diffing tool.
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
Encrypted shellcode Injection to avoid Kernel triggered memory scans
Quietly enumerate an Active Directory Domain via LDAP, parsing users, admins, groups, etc.
A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.
Bespoke tooling for Offensive Security's Windows Usermode Exploit Dev course (OSED)
williamknows / BOF.NET
Forked from CCob/BOF.NET
A .NET Runtime for Cobalt Strike's Beacon Object Files
Remote operations commands implemented using Beacon Object Files
Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
Shikata ga nai (仕方がない) encoder ported into Go with several improvements