PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads

Bring runZero Exposure Management into BloodHound

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

Offensive tooling notes and experiments in AutoIt v3 (https://www.autoitscript.com/site/autoit/)

Extract AutoIt scripts embedded in PE binaries

myAut2Exe - The Open Source AutoIT Script Decompiler

Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but for security research and penetration testing! 🎫

An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.

A lightweight CLI Markdown editor with live preview.

CyberSecurity BLUE TEAM containerized platform that brings together open-source tools for SIEM, DFIR, CTI, SOAR, and Network Analysis

Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…

Linux Kernel Rootkit for modern kernels (6x)

PowerShell wrapper script for SnapRAID

A high-speed forensic timeline engine for Windows forensic artifact CSV output built for DFIR investigators. Quickly consolidate CSV output from processed triage evidence for Eric Zimmerman (EZ Too…

Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supported)! ☢️

This is the tool to dump the LSASS process on modern Windows 11

PAYGoat is a banking application built for educational purposes, focused on exploring and understanding common business logic flaws in financial platforms.

Comprehensive Windows Syscall Extraction & Analysis Framework

Visualize Microsoft Defender XDR process trees and security events

Group Policy Objects manipulation and exploitation framework

An HTA Application which builds Azure (Entra) Scenarios for Red Team Simulations

The different ways to dump lsass

Adversary Simulation Framework

Forensic tool for extracting and analyzing Google DriveFS cached files and metadata.

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

A Payload Analysis Framework

free, open-source file scanner

A no-reboot, in-memory Linux persistence PoC leveraging namespace joining, user-namespace elevation, and self‑deletion.