Direct access to NTFS volumes

Self-contained script for cleaning forensic traces on Linux, macOS, and Windows.

The fastest and more comprehensive multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷

A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess.

The Simple Agent Development Kit.

An AI agent to use Ghidra with any AI.

POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY

Red teaming tool to dump LSASS memory, bypassing basic countermeasures.

Activation Context Hijack

Port of Cobalt Strike's Process Inject Kit

POC exploit for CVE-2024-49138

Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

PoC Implementation of a fully dynamic call stack spoofer

.net config loader

PowerShell Implementation of ADFSDump to assist with GoldenSAML

StandIn is a small .NET35/45 AD post-exploitation toolkit

A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory

Proof of Concept code and samples presenting emerging threat of MSI installer files.

MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.

⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡

Timestomp Tool to flatten MAC times with a specific timestamp

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

A tool to view and extract the contents of an Windows Installer (.msi) file.

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.ex…

A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.

Generates millions of keyword-based password mutations in seconds.

An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Framework to get a Meterpreter session.

🖥️ P2P Remote Desktop - Portable, No Configuration or Installation Needed.