Stars
Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
Open-Source Remote Administration Tool For Windows C# (RAT)
Identifies the bytes that Microsoft Defender flags on.
ReaLTaiizor is a .NET WinForms control library that offers a wide range of components and is user-friendly and design-focused.
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings).
SharpUp is a C# port of various PowerUp functionality.
SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
A method of bypassing EDR's active projection DLLs by preventing entry point execution
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
A tool to elevate privilege with Windows Tokens
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
PowerShell rebuilt in C# for Red Teaming purposes
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into…
Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
Exploit for EfsPotato (MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privilege escalation vulnerability).
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
Threadless Process Injection using remote function hooking.
DLLirant is a tool to automate DLL hijacking research on a specified binary.
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
A C# tool with more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations
Pass the Hash to a named pipe for token impersonation
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
ComWrappers required to run NativeAOT and WinForms