Stars
Cobalt Strike BOF that extracts selected Windows registry hives directly from a raw NTFS volume by parsing NTFS metadata and reading file data straight from disk.
A modern alternative Web-UI for the Mythic Command and Control Server
This repo contains the results of an internal re-write of impacket I undertook at my current company. It contains some of the IoCs found within the library
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a s…
Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.
This cheatsheet maps common impacket workflows to their modern alternatives
Gopacket is a clean Go implementation of Impacket, a library intended for working with network protocols.
In-memory BOF implementation of Silent Process Exit LSASS dump via RtlReportSilentProcessExit
Tailscale-based Windows VNC persistence tool with Session 0 isolation bypass, embedding a full WireGuard peer and RFB server into a single drop-in binary.
Abusing Windows toast notifications for fun and user manipulation
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
The Fully Customizable Desktop Environment for Windows 10/11.
Agent for AdaptixC2 with a focus on evasion, capability and malleability.
The SpecterOps project management and reporting engine
Agentic AI Infrastructure for magnifying HUMAN capabilities.
Initial Access and Post-Exploitation Tool for Entra ID and M365 with a browser-based GUI
A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
Chrome browser extension-based Command & Control
FrontHunter is a tool for testing large lists of domains to identify candidates for domain fronting.
Lab research on Windows loader internals, PE loading, stack artifacts, and execution tradeoffs.
KslDump — Why bring your own knife when Defender already left one in the kitchen?
BAADTokenBroker is a post-exploitation tool designed to interact with Microsoft Entra ID device-bound keys.
Extract Windows credentials directly from VM memory snapshots and virtual disks