COFF and BOF Loader written in Nim

注入SSHD进程并记录ssh登录的密码

Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.

BloodyAD is an Active Directory Privilege Escalation Framework

ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

Modify version of impacket wmiexec.py, get output(data,response) from registry, don't need SMB connection, also bypassing antivirus-software in lateral movement like WMIHACKER.

Nim implementation of Process Hollowing using syscalls (PoC)

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

C# Kernel Mode Driver to read and write memory in protected processes

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool

JNDI注入测试工具（A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc）

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

An offline tool for querying IP geographic information and CDN provider.一个查询IP地理信息和CDN服务提供商的离线终端工具.

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to by…

Zscan a scan blasting tool set

A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0.

Impacket is a collection of Python classes for working with network protocols.

AD Enum is a pentesting tool that allows to find misconfiguration through the the protocol LDAP and exploit some of those weaknesses with kerberos.

.NET Project for Attacking vCenter

Dumping LSASS has never been so stealthy

结合反射调用、Javac动态编译、ScriptEngine调用JS技术和各种代码混淆技巧的一款免杀JSP Webshell生成工具

bypass AV生成工具,目前免杀效果不是很好了，但是过个360，火绒啥的没问题

Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!

Decrypt passwords/cookies/history/bookmarks from the browser. 一款可全平台运行的浏览器数据导出解密工具。