Stars
KslDump — Why bring your own knife when Defender already left one in the kitchen?
Extract Windows credentials directly from VM memory snapshots and virtual disks
Monitor the Windows Event Log with grep-like features or filtering for specific Event IDs
A tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS accounts.
A Python native library containing necessary classes, functions and structures to interact with Windows Active Directory.
Proof-of-Concept tool to dump trusted domain objects
WebClientRelayUp - an universal no-fix local privilege escalation in domain-joined windows workstations in default configuration.
wtftp.py is a tool to attack Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).
Weaponizing DCOM for NTLM Authentication Coercions
A little tool to play with the Seclogon service
Diaphora, the most advanced Free and Open Source program diffing tool.
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
A byte code analyzer for finding deserialization gadget chains in Java applications
ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by identifying active user profiles on domain machines.
Accurately separates a URL’s subdomain, domain, and public suffix, using the Public Suffix List (PSL).
A lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.
Local SYSTEM auth trigger for relaying - X
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
A Dissect module implementing parsers for various database formats
Collect infrastructure and permissions data from vCenter and export it as a BloodHound‑compatible graph using Custom Nodes/Edges
Dump protected files (SAM,SYSTEM,SECURITY) by parsing the raw NTFS partition