Stars
AD Miner is an Active Directory audit tool that leverages Cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines
A tunneling toolkit enabling operators to move data from one place to another evasively.
Another No-Fix LPE, NTLMRelay2Self over HTTP (WebDAV).
Nidhogg is an all-in-one, simple-to-use Windows kernel rootkit.
IPFuscator - A tool to automatically generate alternative IP representations
Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?
Simple (relatively) things allowing you to dig a bit deeper than usual.
A tool for generating fake code signing certificates or signing real ones
Lateral movement techniques that can be used during red team exercises
Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io), LOLBAS (https://github.com/LOLBAS-Project/LOLBAS), WADComs (https://wadcoms.github.io), and Hijack…
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Local privilege escalation, or remote code execution, through Splunk Universal Forwarder (UF) misconfigurations
A collection of Red Team focused tools, scripts, and notes
A Deep Learning Approach for Password Guessing (https://arxiv.org/abs/1709.00440)
Hide your PowerShell script in plain sight. Bypass all PowerShell security features
PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.
An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers.
HTTPLeaks - All possible ways a website can leak HTTP requests
An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector
This tool allows one to recover old RDP (mstsc) session information in the form of broken PNG files. These PNG files allow Red Team members to extract juicy information such as LAPS passwords or an…
The Unofficial PowerShell Best Practices and Style Guide