Lists (8)
Stars
Python alternative to Mimikatz lsadump::dcshadow
Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence
Golem automates C/C++ vulnerability discovery with SemGrep+LLVM+LLM
An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.
Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
Username tools for penetration testing
Fully decrypt App-Bound Encrypted (ABE) cookies, passwords & payment methods from Chromium-based browsers (Chrome, Brave, Edge) - all in user mode, no admin rights required.
PoC Exploit for the NTLM reflection SMB flaw.
Active Directory Integrated DNS dumping by any authenticated user
A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.
A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess.
An IDA Pro plugin that display cross-references to functions or variables across the entire binary in Hex-Rays pseudocode
Execute commands interactively on remote Windows machines using the WinRM protocol
FlowDroid Static Data Flow Tracker
A new version of Soot with a completely overhauled architecture
A step-by-step tutorial for Soot (a Java static analysis framework)
A Model Context Protocol (MCP) server to converse with data in Bloodhound