Active Directory Firewall

A tool to view and extract the contents of an Windows Installer (.msi) file.

PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.

PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads

IFL - Interactive Functions List (plugin for IDA Pro)

IPython console integration for IDA Pro

IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes

IDA ClassInformer PlugIn

Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code

An IDA Pro plugin that display cross-references to functions or variables across the entire binary in Hex-Rays pseudocode

Script to build possibly the most trimmed-down Windows 11 experience.

USB/IP Client for Windows

Defeating Windows User Account Control

A library for loading dll module bypassing windows PE loader from memory (x86/x64)

WSUS Unauthenticated RCE

EDR-Redir : a tool used to redirect the EDR's folder to another location.

IDA Pro plugin to make bitfield accesses easier to grep

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

Simultaneous speech-to-text model

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

异步Beacon Object Files概念的实现。它提供了一个框架，用于运行可以检测事件并报告回Cobalt Strike团队服务器的异步监控任务。

kernel-mode DLL Injector

cpp-amalgamate recursively combines C++ source files and the headers they include into a single output file

The DCERPC only printerbug.py version

A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.

binary releases of VS Code without MS branding/telemetry/licensing

Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulation on Windows x64. For security research and learning purpos…