Stars
Tailscale-based Windows VNC persistence tool with Session 0 isolation bypass, embedding a full WireGuard peer and RFB server into a single drop-in binary.
Execute commands, in/exfiltrate files using your custom RPC Server
Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.
A portable C# utility for enumerating local and remote Windows sessions
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC…
This C# tool sprays for admin access over the entire domain
Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox
Automated DLL Sideloading Tool With EDR Evasion Capabilities
Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.
Power Automate C2 (PAC2): Stealth living-off-the-cloud C2 framework.
rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.
Using Chromium-based browsers as a proxy for C2 traffic.
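金刚狼 (Wolverine): the first WebShell MCP to support AI-assisted penetration testing and the first advanced ASPX/ASHX WebShell management tool to support multi-layer intranet cascading. AES-encrypted communication, no proxy required, in-memory loading of penetration tools, fileless covert penetration of targets, dynamic code execution, shellcode loading (Metasploit/Cobalt Strike), reverse shell, SOCKS proxy, in-memory webshell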
BOF to run PE in Cobalt Strike Beacon without console creation
SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Preferences and Secure Preferences files. Currently, it only supp…
Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C++, Crystal and Python
The dragon in the dark. A red team post exploitation framework for testing security controls during red team assessments.
A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
An NTP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.
Stealthy Linux Kernel Rootkit for modern kernels (6x)
Windows protocol library, including SMB and RPC implementations, among others.