Prevent in-process process termination by patching exit APIs

Venom C2 is a dependency‑free Python3 Command & Control framework for redteam persistence

A C# tool for requesting certificates from ADCS using DCOM over SMB. This tool allows you to remotely request X.509 certificates from CA server using the MS-WCCE protocol over DCOM and It bypasses …

NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes.

A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.

Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.

Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.

This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.

Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database

GeoIntel using Google's Gemini API to uncover the location where photos were taken through AI-powered geo-location analysis.

Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…

PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.

free, open-source file scanner

SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…

EDR-Redir : a tool used to redirect the EDR's folder to another location.

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

The DCERPC only printerbug.py version

Helps defenders find their WSUS configurations in the wake of CVE-2025-59287

PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads

WSUS Unauthenticated RCE

Exhaustive search and flexible filtering of Active Directory ACEs.

Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)

A Windows executable 'loader' (in-memory patcher) for x86 and x64 targets, designed for controlled in-memory patching of executables (PE images).

GUI for apktool, signapk, zipalign and baksmali utilities.

Blocking Windows EDR agents by registering an own IPC-object in the Object Manager’s namespace (CVE-2023-3280, CVE-2024-5909, CVE-2024-20671)

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does