Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.

Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB)

SwarmUI (formerly StableSwarmUI), A Modular Stable Diffusion Web-User-Interface, with an emphasis on making powertools easily accessible, high performance, and extensibility.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )

Set of tools to analyze Windows sandboxes for exposed attack surface.

A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.

Run PowerShell with rundll32. Bypass software restrictions.

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

PowerShell Runspace Post Exploitation Toolkit

A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container

SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.

Writing custom backdoor payloads with C# - Defcon 27 Workshop

Also known by Microsoft as Knifecoat 🌶️

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

Loads any C# binary in mem, patching AMSI + ETW.

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments

Self-developed tools for Lateral Movement/Code Execution

Cobalt Strike kit for Lateral Movement

Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at startup

Materials for the workshop "Red Team Ops: Havoc 101"

Find specific users in active directory via their username and logon IP address

RPC Monitor tool based on Event Tracing for Windows

Microsoft Compound File .net component - pure C# - netstandard 2.0

Quick Malicious ClickOnceGenerator for Red Team

Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.

Spoofing desktop login applications with WinForms and WPF