Mask the trail, keep the scent. AnonymousHound anonymizes sensitive data within BloodHound exports (users, groups, PKI, etc.) ensuring PII is scrubbed, but the full map of security vulnerabilities …

Project for generating and identifying deceptive LNK files.

Local Privilege Escalation Affecting Millions of Gaming Laptops

COM Hijacking VOODOO

A Dockerized build pipeline for custom Windows x64 shellcode

Cobalt Strike module x loader x profile x wike / A public collection of open resources for Cobalt Strike (only legal use in Red Team and penetration testing

A lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.

Your template-based BloodHound terminal companion tool

Proof of Concepts code for Bring Your Own Vulnerable Driver techniques

Exploitable drivers, you know what I mean

Local SYSTEM auth trigger for relaying - X

Aggressor script add-in for CobaltStrike to track file uploads

A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader

onedrive user enumeration - pentest tool to enumerate valid o365 users

Updated version of a long known self deletion technique to work with 24H2.

Python3 utility for creating zip files that smuggle additional data for later extraction

Linker for Beacon Object Files

SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.

Microsoft Telnet Client MS-TNAP Server-Side Authentication Token Exploit

BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).

Rid_enum is a null session RID cycle attack for brute forcing domain controllers.

Less sugar (entropy) for your binaries

PrivCheck is a collection of Beacon Object Files designed to detect privilege escalation vulnerabilities in Windows OS by identifying common misconfigurations.

Tool for Active Directory Certificate Services enumeration and abuse

A list of resources for those interested in getting started in bug bounties

Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be cha…

Cobalt Strike系列

A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies