Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

A small set of tools to convert packets from capture files to hash files for use with Hashcat or John the Ripper.

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Abusing impersonation privileges through the "Printer Bug"

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

Small tool to capture packets from wlan devices.

The swiss army knife of LSASS dumping

Open-Source Shellcode & PE Packer

CVE-2021-4034 1day

Unified repository for different Metasploit Framework payloads

Windows Event Log Killer

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

Repository for stand-alone RTL8188EU driver.

Simple reverse ICMP shell

Post Exploitation Collection

LSASS memory dumper using direct system calls and API unhooking.

A little toolbox to play with Microsoft Kerberos in C

Small utilities that are useful in advanced password cracking

Windows Privilege Escalation from User to Domain Admin.

CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

A memory-based evasion technique which makes shellcode invisible from process start to end.