LSASS memory dumper using direct system calls and API unhooking.

An open library of adversary emulation plans designed to empower organizations to test their defenses based on real-world TTPs.

ATTiRe logging for Invoke-Atomicredteam

Use powershell to test Office-based persistence methods

https://www.n00py.io/2020/05/extracting-files-from-burp-intruder-output/

A collection of Azure AD tools for offensive and defensive security purposes

Default agent for Prelude Operator

This program is designed to demonstrate various process injection techniques

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

log4j2 remote code execution or IP leakage exploit (with examples)

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

Simple password/cookies/history/bookmarks stealer/dumper for chrome all version (includes 80+), microsoft edge browser,includes all chromium based browsers, and all gecko based browser (firefox etc.).

firepwd.py, an open source tool to decrypt Mozilla protected passwords

Canarytokens helps track activity and actions on your network.

Windows Event Log Killer

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.

Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Coba…

Open-Source Remote Administration Tool For Windows C# (RAT)

PowerShell module to run a Selenium WebDriver.

A Repository of curated datasets from various attacks