Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.

Dumping DPAPI credz remotely

🦀 How to minimize Rust binary size 📦 https://github.com/johnthagen/min-sized-rust

PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager

Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST

Offensive Security OSCP+, OSEP, OSWP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA, OSIR, OSTH Exam and Lab Reporting / Note-Taking Tool

ScareCrow - Payload creation framework designed around EDR bypass.

HTML smuggling is not an evil, it can be useful

The purpose of this tool is: 1. to transliterate and generate possible usernames out of a full names list that may include names written in multiple (non-English) languages, common problem occurrin…

Windows API Call Obfuscation

Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus

link is a command and control framework written in rust

A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file formats. Supports: ZIP, 7zip, PDF, ISO, IMG, CAB, VHD, VHDX

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environmen…

Azure Security Resources and Notes

Reflective PE packer.

The swiss army knife of LSASS dumping

User enumeration with Microsoft Teams API

POC of SecureWorks' recent Azure Active Directory password brute-forcing vuln

Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon

A proof-of-concept script to conduct a phishing attack abusing Microsoft 365 OAuth Authorization Flow

cobalt strike tools

A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.

Modifies the Blue Screen of Death for 1909/20h1/20h2/21h1.

Ansible playbook to deploy a phishing engagement in the cloud.

ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication

Collection of Beacon Object Files