Run PowerShell with rundll32. Bypass software restrictions.

Proxifier Alternative to redirect any Windows/MacOS TCP and UDP traffic to HTTP/Socks5 proxy

TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts

StandIn is a small .NET35/45 AD post-exploitation toolkit

C# Script used for Red Team

Self-developed tools for Lateral Movement/Code Execution

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

MITM proxy for TCP/TLS/DTLS/UDP traffic, with STARTTLS, IoT, Thick Client and more.

Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.

Managing permissions with PowerShell is only a bit easier than in VBS or the command line as there are no cmdlets for most day-to-day tasks like getting a permission report or adding permission to …

A User Impersonation tool - via Token or Shellcode injection

Okta Verify and Okta FastPass Abuse Tool

Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation

Lnk Explorer Command line edition!!

Bypass AMSI by patching AmsiScanBuffer

Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies

Dig your way out of networks like a Meerkat using SSH tunnels via ClickOnce.

official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)

Decrypt Veeam database passwords

Example code samples from our ScriptBlock Smuggling Blog post

Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11

C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527