Stars
A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
PoCs and tools for investigation of Windows process execution techniques
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying to the certificate service.
Exploit for EfsPotato (MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privilege escalation vulnerability).
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.
Checks running processes, process metadata, DLLs loaded into your current process and each DLL's metadata, common install directories, installed services and each service binary's metadata, inst…
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
Salsa Tools - ShellReverse TCP/UDP/ICMP/DNS/SSL/BINDTCP/Shellcode/SILENTTRINITY and AV bypass, AMSI patched
Excel Macro Document Reader/Writer for Red Teamers & Analysts
A free and open-source .NET obfuscator using dnlib.
.NET/PowerShell/VBA Offensive Security Obfuscator
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the ori…
Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely
LittleCorporal: A C# Automated Maldoc Generator
A collection of weird ways to execute unmanaged code in .NET
Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
Companion PoC for the "Adventures in Dynamic Evasion" blog post