Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…
A modern platform for visual, flexible, and extensible graph-based investigations. For cybersecurity analysts and investigators.
Custom EDR for testing some malware evasion techniques.
Bicep is a declarative language for describing and deploying Azure resources
Threat Model Knowledge Base - Security context source for AI-assisted development
This project aims to compare and evaluate the telemetry of various EDR products.
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
Windows protocol library, including SMB and RPC implementations, among others.
A collection of Azure AD/Entra tools for offensive and defensive security purposes
Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
PoC Implementation of a fully dynamic call stack spoofer
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Portable Executable reversing tool with a friendly GUI
Gather and update all available and newest CVEs with their PoC.
A self-hosted sandbox for red teams to test payloads against modern detection before deployment. MCP integration lets an LLM agent drive analysis end to end.
Tools & Interesting Things for RedTeam Ops
RedInfraCraft automates the deployment of powerful red team infrastructures! It streamlines the setup of C2s, makes it easy to create advanced phishing & payload infras
Multilayered AV/EDR Evasion Framework (no longer actively maintained)
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Windows Local Privilege Escalation Cookbook
Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulation on Windows x64. For security research and learning purpos…