Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.

Example code on how to use a custom dll during dll hijack on Narrator.exe as a persistence

.NET Project for Attacking vCenter

Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.

The most exhaustive list of reliable DNS resolvers.

Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

Hermes bytecode disassembler and assembler

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

A fork of the great TokenTactics with support for CAE and token endpoint v2

Claude MCP server to perform analysis on ROADrecon data

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

GoldenSAML Attack Libraries and Framework

Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily

Internal Monologue BOF

adws enumeration bof

Library of BOFs to interact with SQL servers

Creating a repository with all public Beacon Object Files (BoFs)

This is the tool to dump the LSASS process on modern Windows 11

The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencies.

Latest CVEs with their Proof of Concept exploits.

Red Team "Drop and Run" NAC (802.1x) Bypass

Abusing Azure services over C2

User Enumeration of Microsoft Teams users via API

Send phishing messages and attachments to Microsoft Teams users

BOF to steal browser cookies & credentials

Azure DevOps Services Attack Toolkit

A red team tool that assists into extracting/dumping master credentials and/or entries from different password managers.