Hardened Debian GNU/Linux distro auditing

a series tutorial for linux exploit development to newbie.

Userland exec PoC to be used as attack vector technique

Inspect and unpack InnoSetup archives

A fast WordPress plugin enumeration tool

Knowledge Management for Offensive Security Professionals Official Repository

Encrypt raw shellcode files and print them as byte arrays for pasting into c, powershell or csharp shellcode runners.

Powershell tools used for Red Team / Pentesting.

Reflective shellcode runners using obfuscated Win32 APIs in C# and C++ (GetProcAddress & GetModuleHandle). For penetration testing.

psexec-like remote execution using the paexec wire protocol that supports paexec and remoteexecm2 from manageengine adselfservice plus

A newly discovered vulnerable driver, pstrip64.sys (CVE-2026-29923) allows an unprivileged user to escalate privileges to SYSTEM via a crafted IOCTL request

Create BOFs for All The Things

simple scripts and small findings

enumerate open handles in a process

detects EDR hooks and locate the hooking module

simple Poc to execute a PE in current process (no thread creation)

Tunnel TCP connections through a file

FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading

Generate password wordlists with customizable options for security testing !

A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.

Combining NameSpi and JobSpi. An OSINT employee/username enumeration tool and enumerate LinkedIn Employees Job Title and Length at Company and other information

My KnockKnock Enumeration Tool in Go

Active Directory Vulnerability Scanner

一个攻防知识库。A knowledge base for red teaming and offensive security.

一个漏洞 PoC 知识库。A knowledge base for vulnerability PoCs(Proof of Concept), with 1k+ vulnerabilities.

A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself