KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.

Remote Desktop Protocol .NET Console Application for Authenticated Command Execution

SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.

Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework

reflectively load any binary with Installutil LOLBAS