Stars
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
Proxifier Alternative to redirect any Windows/MacOS/Linux TCP and UDP traffic to HTTP/Socks5 proxy
Collect infrastructure and permissions data from vCenter and export it as a BloodHound‑compatible graph using Custom Nodes/Edges
A Python utility to dump Kubernetes resources and store them in BloodHound's OpenGraph
Drop a single binary into a compromised Kubernetes pod and instantly map every realistic attack path to cluster-admin, node escape, secret theft, and cloud IAM takeover.
Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw, it needs neither. The same 732-byte Python script (or .c elf) roots every Linux distribution…
🧠 The ultimate resource for finding Beacon Object Files (BOFs).
Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.
Evade EDRs the simple way, by not touching any of the APIs they hook.
BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell
A first-come first-served single-fire HTTP server. Easily transfer files to and from your terminal and any browser.
Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable API calls.
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in-process .NET assembly execution as an alternative to Cobalt Strike's traditiona…
InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution
BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation
🔥 Rotating proxy network on Cloudflare Workers. Deploy, rotate, fire.
Dominate the domain. Relay to royalty.
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines
A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
Creative and unusual things that can be done with the Windows API.
Havoc C2 BOF — WFP kernel-space SYSTEM escalation + command execution with indirect syscalls, patchless AMSI/ETW bypass, and return address spoofing
Template-Driven AV/EDR Evasion Framework
Kerberos relaying and unconstrained delegation abuse toolkit
Abusing Windows toast notifications for fun and user manipulation
KslDump — Why bring your own knife when Defender already left one in the kitchen?