Also known by Microsoft as Knifecoat 🌶️

A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.

StandIn is a small .NET35/45 AD post-exploitation toolkit

An easy-to-use Python framework to generate adversarial jailbreak prompts.

Python script that converts Grafana hash digests to PBKDF2_HMAC_SHA256 format in order to facilitate password cracking using Hashcat.

Sticky notes for pentesting, bug bounty, CTF.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

A python Flask app that generates dynamic DTDs for easy data exfiltration.

Check README for a detailed description

A Burp extension to help pentesters copy requests / responses for reports.

A DNS reconnaissance tool for locating non-contiguous IP space.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.

A checklist to help students track their OSCP exercise progress.