Stars
BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell
InfraGuard is a Command & Control Redirection Proxy and Manager which protects your Red Team Infrastructure against threat attribution
Nxvh1337 / clroxide
Forked from yamakadi/clroxide
A Rust library that allows you to host the CLR and execute dotnet binaries.
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to facilitate the development of PICO modules that require HTT…
PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This project demonstrates that it's possible to build a multi-stage and…
Chrome browser extension-based Command & Control
AdaptixC2 is a highly modular advanced redteam toolkit
This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those ded…
Obfusk8: lightweight Obfuscation library based on C++17 / Header Only for Windows binaries
A cross platform library to write offensive and defensive security tools in Go
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
Red Teaming Tactics and Techniques
Privilege Escalation Enumeration Script for Windows
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
A cross platform Go library to work with Windows Security Descriptors
smbclient-ng, a fast and user friendly way to interact with SMB shares.
This repository contains a list of Python scripts to work with Microsoft RPC for research purposes.
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
A Python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.