An example reference design for a proposed BOF PE

Reaping treasures from strings in remote processes memory

iOS and macOS Decompiler

COM ViewLogger — new malware keylogging technique

.NET assembly loader with patchless AMSI and ETW bypass

TokenCert

PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager

Embed a payload inside a PNG file

Azure DevOps Services Attack Toolkit

Beacon Object File Loader

Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.

Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machies

A set of programs for analyzing common vulnerabilities in COM

BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions

Email enumerator, username generator, and context validator for hunter.io, snov.io, and skrapp.io

The recursive internet scanner for hackers. 🧡

Bounces when a fish bites - Evilginx database monitoring with exfiltration automation

Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit

A small script that automates Entra ID persistence with Windows Hello For Business key

Tools for analyzing EDR agents

Writing Nimless Nim - Slides and source for BSIDESKC 2024 talk.

A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.

A BOF that runs unmanaged PEs inline

Okta Verify and Okta FastPass Abuse Tool

Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI

Macro-header for compile-time C obfuscation (tcc, win x86/x64)