Modern, fast and obfuscated VPN protocol

Decrypt the bitlocker FVEK for a bitlocker encrypted drive.

Windows Error Reporting ALPC Elevation of Privilege (CVE-2026-20817) - Proof-of-Concept exploit demonstrating local privilege escalation via WER service.

Saleae Logic 2 HLA plugin that extracts NV index data returned by TPM2_NV_Read from TPM2 SPI bus captures.

Nidhogg is an all-in-one simple to use rootkit.

Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueApcThreadEx2) for stealthy execution. Minimal permissions, no …

WebClientRelayUp - an universal no-fix local privilege escalation in domain-joined windows workstations in default configuration.

dcsync bof

Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons

A Rust template for writing Beacon Object Files (BOFs)

TCP Port Forwarding Utility on C

Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python.

A cross-platform C++ framework for building Windows shellcode

Run CobaltStrike aggressorscript over TCP

Official public advisory for CVE-2025-61155

A tool that helps change the recovery configuration of a Windows service to make lateral movement more stealthy

Linux Shared Library to Shellcode Loader

A Remote Access Tool developed in C#, enabling complete control of a remote Windows machine, designed for legitimate remote administration and security testing of Windows systems.

open source port/reimplementation of the Cobalt Strike BOF Loader as is

Dump LSASS via physical memory read primitives in vulnerable kernel drivers

Dominate the domain. Relay to royalty.

Generate and Manage KeyCredentialLinks

Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass

An uninitialized read vulnerability by incorrect Turboshaft Store-Store Elimination in V8.