Stars
This project aims to compare and evaluate the telemetry of various EDR products.
Simple (relatively) things allowing you to dig a bit deeper than usual.
Create a USB Rubber Ducky like device using a Raspberry PI Pico
joaquimgrc / P4wnP1_aloa
Forked from RoganDawes/P4wnP1_aloaP4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Ap…
Dominate Active Directory with PowerShell. Inspired by CrackMapExec / NetExec.
A command-line utility designed to discover URLs for a given domain in a simple, efficient way. It works by gathering information from a variety of passive sources, meaning it doesn't interact dire…
ShuckNT is the script of Shuck.sh online service for on-premise use. It is design to dowgrade, convert, dissect and shuck authentication token based on Data Encryption Standard (DES).
PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager
This is a repository of resource about Malware techniques
A small tool to generate DLL for internal pentesting
evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
Beacon Object File & C# project to check LDAP signing
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
Proof-of-concept tools for my AD Forest trust research
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
ZeroDayLab / PowerSploit
Forked from PowerShellMafia/PowerSploitPowerSploit - A PowerShell Post-Exploitation Framework
Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI
A method of bypassing EDR's active projection DLL's by preventing entry point exection
A meterpreter extension for applying hooks to avoid windows defender memory scans
Asynchronous Password Spraying Tool in C# for Windows Environments
Privilege Escalation Enumeration Script for Windows
Volatility plugin to retrieve the Full Volume Encryption Key in memory. The FVEK can then be used with the help of Dislocker to mount the volume.