The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

Adversary Emulation Framework

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Situational Awareness commands implemented using Beacon Object Files

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

Presentation material presented by Outflank team members at public events.

Converts a EXE into DLL

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.

Converts PE into a shellcode

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.

The Havoc Framework

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

zlib Windows build with Visual Studio.

The Hunt for Malicious Strings

Tools, tips, tricks, and more for exploring ICS Security.

Source code based on TraceEvent to listen to CLR events at runtime

Proof of Concepts

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

A tool to perform Kerberos pre-auth bruteforcing

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

A tool for quickly evaluating IAM permissions in AWS.

Evasions encyclopedia gathers methods used by malware to evade detection when run in virtualized environment. Methods are grouped into categories for ease of searching and understanding. Also provi…

Inline syscalls made easy for windows on clang

Cobalt Strike Aggressor extension for Visual Studio Code

Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide

A cross-platform implant written in Nim

Shikata ga nai (仕方がない) encoder ported into go with several improvements