UltimateWDACBypassList. A centralized resource for previously documented WDAC bypass techniques
626SharpRDPHijack. A proof-of-concept Remote Desktop (RDP) session hijack utility
503WSMan-WinRM. A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object
261GhostBuild. GhostBuild is a collection of simple MSBuild launchers for various GhostPack/.NET projects
252DynamicDotNet. A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
145RogueAssemblyHunter. Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
117COM-to-the-Darkside. Slides and resources from MCTTP 2025 Talk
69paSSH. A simple Python SSH server that reveals passwords of connecting clients
32pyrevtun. A pure Python reverse tunnel/reverse port forward utility (prototype) to forward TCP protocols over SSL/TLS.
26IISAppPoolCreds. Retrieve the IIS Application Pool Credentials. Relies on the WebAdministration PowerShell Module.
14PRUA. PASSWORD RE-USE AUDITOR
8SharpCradle. C#
4Random. Assorted scripts and one off things
3YaraTools. Over 100K open-source YARA signatures evaluated against over 280K files to give insights into the performance of each YARA rule.
1awesome-injection. Centralized resource for listing and organizing known injection techniques and POCs
1