sRDI. Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
2.5kKoppeling. Adaptive DLL hijacking / dynamic export forwarding
820FlyingAFalseFlag. Slides and Code for the BHUSA 2019 talk: Flying a False Flag
240Trebuchet. MS15-076 Privilege Escalation
101minibus. Remote code execution in Power Platform connectors via JSON deserialization
23mailorder. Nalpeiron Licensing Service (NLSSRV32) arbitrary disk read [CVE-2019-19315]
4DomainFrontingLists. A list of Domain Frontable Domains by CDN
4Empire. Empire is a pure PowerShell post-exploitation agent.
3CTFd-secure-flags. CTFd secure flags plugin
3PowerTools. PowerTools is a collection of PowerShell projects with a focus on offensive operations.
3kerbrute. A tool to perform Kerberos pre-auth bruteforcing
3ruler. A tool to abuse Exchange services
3ysoserial.net. Deserialization payload generator for a variety of .NET formatters
3shellcc. Building optimized shellcode using GCC. Suited for learning assembly and playing with the ABI
2SMBTrap. Tools developed to test the Redirect to SMB issue
2DotNetToJScript. A tool to create a JScript file which loads a .NET v2 assembly from memory.
2changed-files. :octocat: Github action to retrieve all (changed, added, modified, deleted) files.
2soft-carrot.
1symcc. SymCC: efficient compiler-based symbolic execution
1mkdocs-material. Documentation that simply works
1NetScalerEPABypass. A quick and dirty way to bypass encrypted EPA to connect to a NetScaler Gateway
1counterfit. a CLI that provides a generic automation layer for assessing the security of ML models
1windows-itpro-docs. This is used for contributions to the Windows 10 content for IT professionals on docs.microsoft.com.
1SiriProxy. Siritron Modded version
1pyDHE. A reference implementation of Diffie-Hellman in Python
1PowerSploit. PowerSploit - A PowerShell Post-Exploitation Framework
1sandbox-attacksurface-analysis-tools. Set of tools to analyze Windows sandboxes for exposed attack surface.
1Responder. Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
1