Reattempt of BlueHammer disclosed in April 2026

usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. the main focus of this project is to p…

The agent that grows with you

Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.

LLM Frontend for Power Users.

A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself

Repository hosting the bluehammer vulnerability

BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell

Manipulation of Toast Notifications to social engineer the user to visit links, harvest credentials etc.

A collection of DESIGN.md files inspired by popular brand design systems. Drop one into your project and let coding agents generate a matching UI.

Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.

Windows Analysis and Research Toolkit

BOF-PE that zips and downloads the contents of a directory

💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp…

Dynamic unpacker based on PE-sieve

NTLM HTTP relay tool with SOCKS proxy for browser session hijacking

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

The repo is finally unlocked. enjoy the party! The fastest repo in history to surpass 100K stars ⭐. Join Discord: https://discord.gg/5TUQKqFWd Built in Rust using oh-my-codex.

Havoc C2 BOF — WFP kernel-space SYSTEM escalation + command execution with indirect syscalls, patchless AMSI/ETW bypass, and return address spoofing

Protect against malicious code installed via npm, yarn, pnpm, npx, pnpx, pip, uv and poetry with Aikido Safe Chain. Free to use, no tokens required.

Free educational content on reverse engineering and malware analysis from the FLARE team

An Ansible collection that installs an SCCM deployment with optional configurations.

Reimplementing Havoc Pro Runtime Channel Switching and Cobalt Strike UDC2 features.

Example extensions for CrystalC2

Demonstrating 3 persistence layers from a single EXE, that converts itself into proxy DLLs at runtime

Surgical UNWIND_INFO preservation for sleep masking without call stack spoofing.

A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.

InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution

A SAST skill that gives AI coding agents structured vulnerability detection across 34 vulnerability classes.

Open-source AI hackers to find and fix your app’s vulnerabilities.