Starred repositories
A tool to view and extract the contents of a Windows Installer (.msi) file.
Script to build possibly the most trimmed-down Windows 11 experience.
A library for loading dll module bypassing windows PE loader from memory (x86/x64)
Simultaneous speech-to-text model
coffeegist / bofhound
Forked from fortalice/bofhound
Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulation on Windows x64. For security research and learning purpos…
Crystal Palace library for proxying Nt API calls via the Threadpool
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
Comprehensive Windows Syscall Extraction & Analysis Framework
winlibs standalone build of GCC compiler and MinGW-w64
Alternative Read and Write primitives using Rtl* functions the unintended way.
Collect infrastructure and permissions data from vCenter and export it as a BloodHound‑compatible graph using Custom Nodes/Edges
A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
This tool is a user-friendly Graphical User Interface (GUI) tool that simplifies and streamlines the process of digitally signing files using Microsoft's signtool.exe. This tool is designed to prov…
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
Local SYSTEM auth trigger for relaying - X
Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible in memory.
PowerShell Implementation of ADFSDump to assist with GoldenSAML
User-mode code and its rootkit that will kill EDR processes permanently by leveraging process-creation-blocking kernel callback routine registration and ZwTerminateProcess.
The fastest knowledge base for growing teams. Beautiful, realtime collaborative, feature packed, and markdown compatible.
Scripts to set up your own Android 📱 app hacking lab
Execute commands interactively on remote Windows machines using the WinRM protocol