Stars
Extracts the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API, with multiple exfiltration options and XOR obfuscation
A simple, lightweight PowerShell script to remove pre-installed apps, disable telemetry, as well as perform various other changes to customize, declutter and improve your Windows experience. Win11D…
A loader that runs a program with Protected Process Light (PPL) protection.
A Python tool to map the access rights of network shares into BloodHound OpenGraphs
A domain specific language for matching directories and files in network shares
Depix is a PoC for a technique to recover plaintext from pixelized screenshots.
Simple PowerShell script to test for "ghost" SPNs
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
Unauthenticated start of the EFS service on a remote Windows host (make PetitPotam great again)
A tool designed for smuggling interactive command and control traffic through legitimate TURN servers hosted by reputable providers such as Zoom.
IP rotation across different providers: like FireProx, but for GCP, Azure, Alibaba and Cloudflare
Open source DocuSign alternative. Create, fill, and sign digital documents ✍️
Bypass user-land hooks by syscall tampering via the Trap Flag
Proof-of-concept code for Bring Your Own Vulnerable Driver (BYOVD) techniques
SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Preferences and Secure Preferences files. Currently, it only supp…
Vulnerable driver research tool, results and exploit PoCs
Dump LSASS using only NTAPI functions, creating 3 JSON files and 1 ZIP file... and generate the MiniDump file later!
RCE in Amazon Managed Workflows for Apache Airflow (MWAA) service
Listener that spawns a new tmux window for each incoming reverse shell; supports listening on many ports
Python3 utility for creating zip files that smuggle additional data for later extraction
Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)
SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.
Firepwn is a tool made for testing the Security Rules of a Firebase application.
An even funnier way to disable Windows Defender (through the WSC API).
Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
Tests with Network Providers DLLs, adding some extra functionality to NPPSpy2 by @gtworek