Stars
An advanced memory forensics framework
Small and highly portable detection tests based on MITRE's ATT&CK.
Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.
Execute commands interactively on remote Windows machines using the WinRM protocol
Tw1sm / pyldapsearch
Forked from fortalice/pyldapsearch. Tool for issuing manual LDAP queries which offers bofhound-compatible output
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
coffeegist / bofhound
Forked from fortalice/bofhound. Generate BloodHound-compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
Situational Awareness commands implemented using Beacon Object Files
A small utility to translate NTDS.dit files to SQLite format.
This aims to be a collection of tools to forensically analyze Active Directory databases
A set of Zeek scripts to detect ATT&CK techniques.
LiME (formerly DMD) is a Loadable Kernel Module (LKM), which allows the acquisition of volatile memory from Linux and Linux-based devices, such as those powered by Android. The tool supports acquir…
A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil…
OpenPLC Editor - IDE capable of creating programs for the OpenPLC Runtime
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.