A tool to exploit .NET Remoting Services

Official writeups for Cyber Apocalypse CTF 2025: Tales from Eldoria

A collection of Semgrep rules which followed security guidelines for .NET and Java.

RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities

GLPI vulnerabilities checking tool

Fully asynchronous SMB library written in pure python

A tool for pointesters to find candies in SharePoint

An eBPF playground

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

Various tips & tricks

Tool to remotely dump secrets from the Windows registry

New generation of wmiexec.py

SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.

Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.

SACL Scanner is a tool designed to scan and analyze SACLs.

Impacket is a collection of Python classes for working with network protocols.

A tool to extract the IdP cert from vCenter backups and log in as Administrator

Coerce Windows machines auth via MS-EVEN

psexecsvc - a python implementation of PSExec's native service implementation

A python script to automatically list vulnerable Windows ACEs/ACLs.

AADInternals-Endpoints PowerShell module

Automate ssh private key extraction from ssh-agent

DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely

CLI tool to interact with the BloodHound CE API

LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113

A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities

A BloodHound collector for Microsoft Configuration Manager