A script to test credentials against Active Directory Federation Services (ADFS), allowing password spraying or bruteforce attacks.

Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.

Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.

This Chromium extension scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.

Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database

GeoIntel using Google's Gemini API to uncover the location where photos were taken through AI-powered geo-location analysis.

Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…

PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.

free, open-source file scanner

SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…

EDR-Redir : a tool used to redirect the EDR's folder to another location.

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

The DCERPC only printerbug.py version

Helps defenders find their WSUS configurations in the wake of CVE-2025-59287

PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads

WSUS Unauthenticated RCE

Exhaustive search and flexible filtering of Active Directory ACEs.

Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)

A Windows executable 'loader' (in-memory patcher) for x86 and x64 targets, designed for controlled in-memory patching of executables (PE images).

Blocking Windows EDR agents by registering an own IPC-object in the Object Manager’s namespace (CVE-2023-3280, CVE-2024-5909, CVE-2024-20671)

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does

Run BloodHound CE in a single-user setup with podman

A tool for folks who `git clone` first and ask questions later

A Sliver C2 modification utility that enhances operational stealth by renaming protobuf definitions, regenerating protocol buffers, updating Go references, and resolving method call collisions. Des…

Supporting PoCs and scripts for my talk "OverLAPS: Overriding LAPS Logic"