An experimentation and research platform to investigate the interaction of automated agents in an abstract simulated network environments.

ProxyLogon Pre-Auth SSRF To Arbitrary File Write

Module pack for #ProxyLogon (part. of my contribute for Metasploit-Framework) [CVE-2021-26855 && CVE-2021-27065]

CVE-2021-26855: PoC (Not a HoneyPoC for once!)

PoC of proxylogon chain SSRF(CVE-2021-26855) to write file by testanull, censored by github

Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins ⬆️ ☠️

Remove API hooks from a Beacon process.

A protective and Low Level Shellcode Loader that defeats modern EDR systems.

Go Test WAF is a tool to test your WAF detection capabilities against different types of attacks and by-pass techniques

ConPtyShell - Fully Interactive Reverse Shell for Windows

Proof of Concept Exploit for vCenter CVE-2021-21972

An AWS Pentesting tool that lets you use one-liner commands to backdoor an AWS account's resources with a rogue AWS account - or share the resources with the entire internet 😈

Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)

Red Team C code repo

X86 version of syswhispers2 / x86 direct system call

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Pathfinder is a plugin for mapping network vulnerabilities, scanned by CALDERA or imported by a supported network scanner, and translating those scans into adversaries for network traversal.

Exploit script for CVE-2020-7961

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team p…

A library for patching, replacing and decorating .NET and Mono methods during runtime

Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.

Nim's Windows API and COM Library

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by…