Mythic C2 profile supporting agent communication via Feishu APIs

StealthGuardian is a middleware layer that can be combined with adversary simulation tools to verify the resistance, detection level and behaviour detection of executed actions against defined def…

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.

Exchange privilege escalations to Active Directory

Powershell tool to automate Active Directory enumeration.

Self contained htaccess shells and attacks

AWS Attack Path Management Tool - Walking on the Moon

JAWS - Just Another Windows (Enum) Script

This exploit rebuilds and exploit the CVE-2019-16098 which is in driver Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to…

BloodHound PowerShell client

Go Project Template

APC Injection from Kernel

Reflective Driver Loader

Python script that performs email address validation against Office 365 without submitting login attempts.

Source files for my posts

Driver loader for bypassing Windows x64 Driver Signature Enforcement

Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit

BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions

A Huge Learning Resources with Labs For Offensive Security Players

Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page.

New version of RottenPotato as a C DLL and standalone C binary - no need for meterpreter or other tools.

A POC to disable TamperProtection and other Defender / MDE components

Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)

A collection of GCP IAM privilege escalation methods documented by the Rhino Security Labs team.

Port of Mandiant ShellcodeHashes plugin from IDA to BinaryNinja

Unhook Ntdll.dll, Go & C .