An enterprise-class UI design language and React UI library

🦉🤖Easily sign curl calls to API Gateway with Cognito authorization token.

PoC for UUID shellcode execution using DInvoke

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

Alternative Shellcode Execution Via Callbacks

juicypotato for win10 > 1803 & win server 2019

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

Find exposed data in Azure with this public blob scanner

A standalone WMI protocol for CrackMapExec

Encodes a PowerShell script in the pixels of a PNG file and generates a oneliner to execute

OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.

⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

fuzzing framework based on libfuzzer and clang sanitizer

Command line interface to dump LSASS memory to disk via SilentProcessExit

Generate RFC-compliant UUIDs in JavaScript

Lightpack and Prismatik open repository

Super Resolution for images using deep learning.

C# version of Powermad

Tools to perform differential fault analysis attacks (DFA).

AMSI Bypass Via the Heap

Canarytokens helps track activity and actions on your network.

Rockyou for web fuzzing

A fixed 2014 version of Apple's NameAndPassword auth plugin sample

A curated database of insecure Python packages

Cross-platform malware development library for anti-analysis techniques

EAC Bypass

A JVM agent that automatically forces a proxy for HTTP(S) connections and trusts MitM certificates, for all major JVM HTTP clients

Invoke-ZeroLogon allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.

Collections of Orange Tsai's public presentation slides.

Mac OS X Plist parser for NodeJS. Convert a Plist file or string into a native JS object