Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)

Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…

EDR-Redir : a tool used to redirect the EDR's folder to another location.

PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.

PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads

Driver Buddy Revolutions for Ghidra

IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs.

Python Command-Line Ghidra MCP

PoC for popping a system shell against the LnvMSRIO.sys driver

Decyx: AI-powered Ghidra extension for enhanced reverse engineering and binary analysis.

DriverBuddyGhidra is a collection of Python scripts for analyzing Windows drivers in Ghidra, such as finding device names and IOCTL handlers

Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

Direct access to NTFS volumes

A serie of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks

A set of plugins for Ghidra and x64Dbg synchronization. A faster, more flexible ret-sync.

MCP Monitoring with eBPF

Self-contained script for cleaning forensic traces on Linux, macOS, and Windows.

Automatically identify and extract potential anti-debugging techniques used by malware.

Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopefully…

The fastest and more comprehensive multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking

AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.

A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess.

SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.

Python3 utility for creating zip files that smuggle additional data for later extraction

A multi-threaded PDF password cracking utility equipped with commonly encountered password format builders and dictionary attacks.