Assumed-breach PowerShell tool that enumerates self-service / auto-approved Microsoft 365 groups and distribution lists and correlates each to directory roles, Conditional Access, app-role grants, …

WasmForge — compile Go and C# programs to single-binary, WASM-sandboxed native executables with polymorphic output.

A workshop about core UDRL mechanics by Joris Ignoul & Mickey De Baets

Cobalt Strike BOF that extracts selected Windows registry hives directly from a raw NTFS volume by parsing NTFS metadata and reading file data straight from disk.

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

Compress tool outputs, logs, files, and RAG chunks before they reach the LLM. 60-95% fewer tokens, same answers. Library, proxy, MCP server.

A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.

real-time collaborative graph board for red team ops

a minimalist micro TI / SOC context panel powered by local AI + Malpedia API

Shadow any website for offline viewing, with the JavaScript stripped out

Defensive Patch Tuesday semantic diff CLI for Windows build snapshots and security-focused patch analysis.

Windows security research toolkit for LPE, persistence, COM hijacking, and attack surface enumeration.

Bitlocker Bypass Vulnerability

A WinForms wrapper for Nightmare Eclipse's YellowKey exploit, automating the creation of USB recovery media to access previously inaccessible files on Windows 11 systems.

DCOM in memory and fileless lateral movement techniques through .Net deserilization

Makes your AI agent think like the laziest senior dev in the room. The best code is the code you never wrote.

Zig code intelligence server and MCP toolset for AI agents. Fast tree, outline, symbol, search, read, edit, deps, snapshot, and remote GitHub repo queries.

Use your most capable model to audit your codebase and write plans for cheaper models to execute.

Ghost in the Machine: Live Fire Threat Actor Dissection

Dump protected files (SAM,SYSTEM,SECURITY) by parsing the raw NTFS partition

Offensive knowledge, offline. One search box for every playbook.

An 8-stage vulnerability-discovery agent.

a CLI tool for analyzing Microsoft Patch Tuesday security updates. Fetches patch data from MSRC, downloads update packages, extracts binaries, and compares pre/post-patch versions using BinDiff.

Striga is an experimental lifter from x86_64 to LLVM IR written in Python.

This repository contains the research tool presented at x33fcon 2026, along with the associated presentation slides. The content is made available for research and educational purposes.

IDA Pro RPC for assisted RE-tasks

Manage a Tailscale tailnet via the Tailscale REST API

GreatXML bitlocker bypass vulnerability