A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made w…

Nebula is a cloud C2 Framework, which at the moment offers reconnaissance, enumeration, exploitation, post exploitation on AWS, but still working to allow testing other Cloud Providers and DevOps C…

A set of scripts that demonstrate how to perform memory injection in C#

Crypter in Python 3 with advanced functionality, Bypass VM, Encrypt Source with AES & Base64 Encoding | Evil Code is executed by bruteforcing the decryption key, and then executing the decrypted ev…

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

Open source C2 server created for stealth red team operations

Red Team Cheatsheet in constant expansion.

Dumping LAPS from Python

Various PowerShell scripts that may be useful during red team exercise

Various PowerShell functions and scripts

A tool to elevate privilege with Windows Tokens

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

PoC dlls for Task Scheduler COM Hijacking

Nidhogg is an all-in-one simple to use windows kernel rootkit.

SafetyKatz is a combination of slightly modified version of @gentilkiwi's Mimikatz project and @subtee's .NET PE Loader

An open-source, free protector for .NET applications

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

A collaborative, multi-platform, red teaming framework

RunasCs - Csharp and open version of windows builtin runas.exe

A new AMSI Bypass technique using .NET ALI Call Hooking.

A simple shell code encryptor/decryptor/executor to bypass anti virus.

A modular C2 framework

SharpGen is a .NET Core console application that utilizes the Rosyln C# compiler to quickly cross-compile .NET Framework console applications or libraries.

Scan installed EDRs and AVs on Windows

Hiding GoPhish from the boys in blue

Open-Source Phishing Toolkit

Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions

A post exploitation framework designed to operate covertly on heavily monitored environments