SweetPotato. Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
1.8kSharpBlock. A method of bypassing EDR's active projection DLL's by preventing entry point exection
1.2kBeaconEye. Hunts out CobaltStrike beacons and logs operator command output
962ThreadlessInject. Threadless Process Injection using remote function hooking.
822BOF.NET. A .NET Runtime for Cobalt Strike's Beacon Object Files
784lsarelayx. NTLM relaying for Windows made easy
580Volumiser. C#
435okta-terrify. Okta Verify and Okta FastPass Abuse Tool
344DRSAT. Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies
310MirrorDump. Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
271MinHook.NET. A C# port of the MinHook API hooking library
236gssapi-abuse. A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks
188SylantStrike. Simple EDR implementation to demonstrate bypass
183goreflect. Reflective DLL loading of your favorite Golang program
174Shwmae. C#
165dnMerge. A lightweight .NET assembly dependency merger that uses dnLib and 7zip's LZMA SDK for compressing dependant assemblies.
108PIVert. C#
107PinSwipe. Smart Card PIN swiping DLL
80PwnyForm. C#
48gookies. A Chrome cookie dumping utility
46ProvisionAppx. C#
39bittrex4j. Java library for accessing the Bittrex Web API's and Web Sockets
33PoC. Exploit PoC for CVE's and non CVE's alike
22SQL-BOF. Library of BOFs to interact with SQL servers
16Jboss-Wilfly-Hashes-to-Hashcat. Converts JBoss/Wildfly management users properties file to hashcat format compatible with mode 20
12chlonium. Chromium Cookie import / export tool
11Rubeus. Trying to tame the three-headed dog.
9InlineExecute-Assembly. InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module
5VulnHub. VulnHub Walkthroughs
4sandbox-attacksurface-analysis-tools. Set of tools to analyze Windows sandboxes for exposed attack surface.
3gocrack. GoCrack is a management frontend for password cracking tools written in Go
3nmap. Nmap - the Network Mapper. Github mirror of official SVN repository.
3metasploit-framework. Metasploit Framework
3Certify. Active Directory certificate abuse.
2nodebb-plugin-onesignal. Allows NodeBB to interface with the OneSignal service in order to provide push notifications via OneSignal, originally forked from nodebb-plugin-pushbullet
2MediaPortal-AsteriskCid. C#
1impacket. Impacket is a collection of Python classes for working with network protocols.
1signalr-java-client. Java
1SharpView. C# implementation of harmj0y's PowerView
1JCAlgTest. Automated testing tool for algorithms from JavaCard API supported by particular smart card. Performance testing of almost all available methods. The results for more than 60+ cards.
1