Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀

Crack Everything for CrackMapExec version 6

Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀

Username tools for penetration testing

Kerberos relaying and unconstrained delegation abuse toolkit

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

In-depth ldap enumeration utility

Execute commands interactively on remote Windows machines using the WinRM protocol

.Net Assembly loader for the GMSAPasswordReader

Dumping LAPS from Python

Lists who can read any gMSA password blobs and parses them if the current user has access.

Get SYSTEM via SeDebugPrivilege

generate payloads that force authentication against an attacker machine

Collection of random RedTeam scripts.

OSEP - Offsec Expert Professional

一款内网综合扫描工具，方便一键自动化、全方位漏扫扫描。

Penelope Shell Handler

purplestorm writeup collection

Windows Privilege Escalation

Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applications to elevate privileges.

RunasCs - Csharp and open version of windows builtin runas.exe

PowerShell Script to automatically abuse the BadSuccessor vulnerability (CVE-2025-53779)

Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation

Obfuscated PowerShell reverse shells for security research and testing purposes.

Process Hollowing POC written in C#

Sliver extension to bypass UAC via cmstp written in rust

Privilege Escalation Enumeration Script for Windows