Situational Awareness commands implemented using Beacon Object Files

BOF for Kerberos abuse (an implementation of some important features of the Rubeus).

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

ACE Analyzer for identifying ESC1-8 vulnerabilities (Written by AI)

Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption

A C# utility for interacting with SCOM

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…

Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks that functi…

Cobalt Strike BOF

POC command channel that uses Wi-Fi beacon SSID fields as a unidirectional C2 transport

Some scripts to abuse kerberos using Powershell

Fileless atexec, no more need for port 445

Windows protocol library, including SMB and RPC implementations, among others.

A tool to elevate privilege with Windows Tokens

EDR-Redir : a tool used to redirect the EDR's folder to another location.

Fully automatic censorship removal for language models

A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints

Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool

Venom C2 is a dependency‑free Python3 Command & Control framework for redteam persistence

WSUS Unauthenticated RCE

NetworkSherlock: powerful and flexible port scanning tool With Shodan

PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.

Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

Obex – Blocking unwanted DLLs in user mode

Lateral Movement Using DCOM and DLL Hijacking

AADInternals PowerShell module for administering Azure AD and Office 365

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom.

免杀所有杀软、bypass all，绕过WB、VT ，0检测。