Stars
Covenant is a collaborative .NET C2 framework for red teamers.
Deserialization payload generator for a variety of .NET formatters
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
Identifies the bytes that Microsoft Defender flags on.
A source generator to add a user-defined set of Win32 P/Invoke methods and supporting types to a C# project.
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
Directory Services Internals (DSInternals) PowerShell Module and Framework
Run PowerShell with rundll32. Bypass software restrictions.
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
rasta-mouse / ThreatCheck
Forked from matterpreter/DefenderCheck. Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
RunasCs - Csharp and open version of windows builtin runas.exe
Also known by Microsoft as Knifecoat 🌶️
A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
Methods for attacking KeePass 2.X databases, including extraction of encryption key material from memory.
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from the gentilkiwi GitHub repo, runtime-patches signatures and uses SharpSploit DInvoke to PE-Load into…
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
StandIn is a small .NET35/45 AD post-exploitation toolkit
OffensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
Sandman is an NTP-based backdoor for hardened networks.
SharpWMI is a C# implementation of various WMI functionality.
.NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.