Red Team
Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in memory
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environmen…
SigFlip is a tool for patching Authenticode-signed PE files (exe, dll, sys, etc.) without invalidating or breaking the existing signature.
Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion)
A script that helps you understand why your E-Mail ended up in Spam
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
Stop Windows Defender using the Win32 API
Create file system symbolic links from low privileged user accounts within PowerShell
Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings).
A tool to generate macOS initial access vectors using Prelude Operator payloads
Red Team Cheatsheet in constant expansion.
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
Convert shellcode into ✨ different ✨ formats!
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Unchain AMSI by patching the provider’s unmonitored memory space
RedGuard is a C2 front flow control tool that can avoid Blue Team, AV, and EDR checks.
Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts watermarking, IOCs collection & PE Backdooring. You feed it wi…
Create fake certs for binaries using Windows binaries and the power of bat files
Strelka Web UI for File Submission and Analysis
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …