Lists (19)
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
Modified from MemoryModule; supports exception handling.
Stand up a simple Elastic container with Kibana, Fleet, and the Detection Engine
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
The fastest and most comprehensive multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷
Gather and update all available and newest CVEs with their PoC.
jsleak is a tool to find secrets, paths or links in source code during recon.
Free, libre, effective, and data-driven wordlists for all!
Execute unmanaged Windows executables in CobaltStrike Beacons
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
Privileger is a tool to work with Windows Privileges
Obfuscate PowerShell scripts by replacing function names, variables and parameters.
Creating a repository with all public Beacon Object Files (BoFs)
A fast, simple, recursive content discovery tool written in Rust.
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection by EDRs.
Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy's loader does this by utilizing programmatic access in the VBA object environmen…