Lists (1)
Stars
Tools and Techniques for Red Team / Penetration Testing
This repository contains a framework of curated Azure penetration testing tools that are specifically designed to help you identify and mitigate security vulnerabilities in Azure cloud environments.
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of t…
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing to access sensitive da…
Get fresh Syscalls from a fresh ntdll.dll copy
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
hotnops / ROADtools
Forked from dirkjanm/ROADtoolsThe Azure AD exploration framework.
Tools for interacting with authentication packages using their individual message protocols
A Python based ingestor for BloodHound
Username tools for penetration testing
POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina
WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.
Tool to audit and attack LAPS environments
The great impacket example scripts compiled for Windows
Certified Red Team Operator (CRTO) Cheatsheet and Checklist
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
Official Black Hat Arsenal Security Tools Repository
ShutdownRepo / BloodHound.py
Forked from dirkjanm/BloodHound.pyA Python based ingestor for BloodHound
Kerberoast with ACL abuse capabilities
Python version of the C# tool for "Shadow Credentials" attacks
A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Impacket is a collection of Python classes for working with network protocols.
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
BadAssMacros - C# based automated Malicous Macro Generator.