A chromium extension exploitation toolkit

Async BOF implementation of 'Rubeus monitor' to detect and automatically extract Kerberos TGTs as they appear on a target system.

Windows protocol library, including SMB and RPC implementations, among others.

Production-grade engineering skills for AI coding agents.

A security research tool for enabling Chrome DevTools Protocol (CDP) debugging on Microsoft Edge browser processes at runtime.

Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.

A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.

This code silently installs Chrome extensions on Mac, Windows, and Linux

List web account manager (WAM) accounts added to the current profile

A tool for managing custom node types and Cypher queries in BloodHound

A python library to create BloodHound OpenGraphs

Azure Blob Storage C2 Profile for Mythic

Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.

A small collector to model out abusable Seamless Single Sign On edges

wspcoerce coerces a Windows computer account via SMB to an arbitrary target using MS-WSP

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

Various ways to execute shellcode

Alternative Shellcode Execution Via Callbacks

Hybrid AD utilities for ROADtools

Random BOFs for LDAP tradecraft

Discover and enumerate all subdomains associated with a website, including those not publicly advertised. Use this tool to conduct thorough security assessments, validate your organization's digita…

Local SYSTEM auth trigger for relaying - X

User Enumeration of Microsoft Teams users via API

Library of BOFs to interact with SQL servers

Neo4jWordlistHarvester but then with bloodhound json files