This project aims to compare and evaluate the telemetry of various EDR products.

Simple (relatively) things allowing you to dig a bit deeper than usual.

Create a USB Rubber Ducky like device using a Raspberry PI Pico

P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Ap…

A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec

A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.

ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade, convert, dissect and shuck authentication token based on Data Encryption Standard (DES).

Stop Windows Defender programmatically

PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager

This is a repository of resource about Malware techniques

Powershell version of SharpGPOAbuse

A small tool to generate DLL for internal pentesting

evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)

C# Reflective loader for unmanaged binaries.

Beacon Object File & C# project to check LDAP signing

ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.

Proof-of-concept tools for my AD Forest trust research

Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!

WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations

PowerSploit - A PowerShell Post-Exploitation Framework

Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI

A method of bypassing EDR's active projection DLL's by preventing entry point exection

A meterpreter extension for applying hooks to avoid windows defender memory scans

Asynchronous Password Spraying Tool in C# for Windows Environments

Privilege Escalation Enumeration Script for Windows

Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the volume.