Stars
Tailscale-based Windows VNC persistence tool with Session 0 isolation bypass, embedding a full WireGuard peer and RFB server into a single drop-in binary.
Hoobs and Homebridge plugin for Tuya devices using Home Assistant Tuya Web Api
All-in-one macOS binary analysis: Mach-O parsing, ARM64 disassembly, code signatures, and debugging.
A tool which is used to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.
YouTube-based karaoke party app with QR queueing.
Resources from Jamal & Giuliana's presentation on reserving bytecode into bounties for Jira and Confluence Plugins [BSides Canberra and Kawaiicon 2025]
FindMy Cache Decryptor is a reverse-engineered tool that decrypts cached data files from Apple's Find My application on macOS. It addresses the encryption introduced in macOS 14.4+ that broke exist…
This code silently installs Chrome extensions on Mac, Windows, and Linux
Extract files from any kind of container format
A collection of stealthy macOS post-exploitation tools written in Python.
AdaptixC2 is a highly modular advanced redteam toolkit
WireGuard VPN server installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS, Fedora, openSUSE and Raspberry Pi OS. Includes interactive setup and client management.
BloodyAD is an Active Directory Privilege Escalation Framework
A tool to interact with Kerberos to request, forge and convert various types of tickets in an Active Directory environment.
msbit / keychain_access
Forked from torsten/keychain_access
Access private and public keys stored in Mac OS X's Keychain from the command line.
Microsoft Telnet Client MS-TNAP Server-Side Authentication Token Exploit
Hackish way to intercept and modify non-HTTP protocols through Burp & others.
Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
rasta-mouse / ThreatCheck
Forked from matterpreter/DefenderCheck
Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
Syscall Shellcode Loader (Work in Progress)
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.