GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.

Simple (relatively) things allowing you to dig a bit deeper than usual.

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

Bypass Chromium's App-Bound Encryption via Direct Syscall-based Reflective Process Hollowing. Extract cookies, passwords, payment methods & tokens from Chrome, Edge, and Brave - fileless, user-mode…

A collection of my Semgrep rules to facilitate vulnerability research.

Various Cobalt Strike BOFs

Collection of Beacon Object Files (BOF) for Cobalt Strike

Fake sshd that logs ip addresses, usernames, and passwords.

Red Team C code repo

Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind

Moved to https://codeberg.org/DNS-OARC/dnsperf

A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.

Shellcoding utilities

C or BOF file to extract WebKit master key to decrypt user cookie

DLL Generator for side loading attack

Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning

Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible in memory.

A Crystal Palace shared library to resolve & perform syscalls

in-process powershell runner for BRC4

Curated list of public penetration testing reports released by several consulting firms