TCP connection hijacker, Rust rewrite of shijack

Decrypt GlobalProtect configuration and cookie files.

Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance.

Win32 port of OpenSSH

Egress-Assess is a tool used to test egress data detection capabilities

bbs is a router for SOCKS and HTTP proxies. It exposes a SOCKS5 (or HTTP CONNECT) service and forwards incoming requests to proxies or chains of proxies based on the request's target. Routing can b…

Research into Undocumented Behavior of Azure AD Refresh Tokens

Extract data of TTD trace file to a minidump

UAC Bypass By Abusing Kerberos Tickets

PoC to coerce authentication from Windows hosts using MS-WSP

In-depth ldap enumeration utility

HVNC for Cobalt Strike

A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.

DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

Nidhogg is an all-in-one simple to use windows kernel rootkit.

mTLS-Encrypted Back-Connect SOCKS5 Proxy

SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.

Python version of the C# tool for "Shadow Credentials" attacks

Situational Awareness commands implemented using Beacon Object Files

Python based Bloodhound data converter from the legacy pre 4.1 format to 4.1+ format

Apply a divide and conquer approach to bypass EDRs

Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode