- les internets
- https://mayfly277.github.io/
- @M4yFly
Stars
[GITLAB MIRROR] Ludus is a system to build easy to use cyber environments for testing and development.
Venom C2 is a dependency‑free Python3 Command & Control framework for redteam persistence
gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory environment.
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
A collaborative, multi-platform, red teaming framework
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
A simple C++ Windows tool to get information about processes exposing named pipes.
Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
Python3 rewrite of AsOutsider features of AADInternals
A PowerShell console in C/C++ with all the security features disabled
Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs
AV/EDR Lab environment setup references to help in Malware development
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
Active Directory and Internal Pentest Cheatsheets
Dump NTDS with golden certificates and UnPAC the hash
🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.
rasta-mouse / ThreatCheck
Forked from matterpreter/DefenderCheck. Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
Pre-Built Vulnerable Environments Based on Docker-Compose
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.