Altered Security
- https://www.alteredsecurity.com/
- @nikhil_mitt
Stars
Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advanced techniques to dump memory, allowing access to sensitive da…
MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.
A Python script to find the tenant ID and region from a list of domain names.
M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.
Providing Azure pipelines to create an infrastructure and run Atomic tests.
Some scripts to abuse Kerberos using PowerShell
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
Start a new PowerShell without ETW and AMSI, in pure Nim
AzureRT - A PowerShell module implementing various Azure Red Team tactics
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
Kernel mode WinDbg extension and PoCs for token privilege investigation.
A small POC to make Defender useless by removing its token privileges and lowering the token integrity
Remote Desktop entirely coded in PowerShell.
GoldenSAML Attack Libraries and Framework
Understand adversary tradecraft and improve detection strategies
A Cloud Forensics PowerShell module to run threat hunting playbooks on data from Azure and O365
O365 Education tools and scripts repository
Azure AD RedTeam Full Enumeration Script used to query all aspects of your target Azure tenant.
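The tenant ID and region lookup described for the Python script above is normally done through the public, unauthenticated OpenID Connect discovery document that Microsoft serves for every verified domain. The example below is added here and is not the starred script's own code; it assumes the discovery endpoint `https://login.microsoftonline.com/<domain>/.well-known/openid-configuration`, whose `issuer` and `token_endpoint` values embed the tenant GUID and whose `tenant_region_scope` field carries the region. The sample document is constructed for offline testing; `resolve_domains` takes an injectable fetcher so the parsing can be exercised without network access.

```python
"""Resolve Entra ID (Azure AD) tenant IDs and regions for a list of domains.

Added example, not the starred project's code. Technique: the OpenID
discovery document for a domain is public and unauthenticated; the tenant
GUID appears in its `issuer` / `token_endpoint` URLs and the region in
`tenant_region_scope` (e.g. NA, EU, AS). Unknown domains typically yield
an HTTP 400 error response instead of a document.
"""
import json
import re
import sys
import urllib.error
import urllib.request

DISCOVERY_URL = "https://login.microsoftonline.com/{domain}/.well-known/openid-configuration"
GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")

# Constructed sample discovery document (tenant GUID and region are made up).
SAMPLE_DOC = json.dumps({
    "token_endpoint": "https://login.microsoftonline.com/00000000-1111-2222-3333-444444444444/oauth2/token",
    "issuer": "https://sts.windows.net/00000000-1111-2222-3333-444444444444/",
    "tenant_region_scope": "EU",
    "cloud_instance_name": "microsoftonline.com",
})


def parse_openid_config(doc: str) -> dict:
    """Extract tenant ID, region and cloud instance from a discovery document."""
    cfg = json.loads(doc)
    tenant_id = None
    # The GUID is embedded in several URLs; check the most stable ones first.
    for key in ("issuer", "token_endpoint", "authorization_endpoint"):
        match = GUID_RE.search(cfg.get(key, ""))
        if match:
            tenant_id = match.group(0).lower()
            break
    if tenant_id is None:
        raise ValueError("no tenant GUID found in discovery document")
    return {
        "tenant_id": tenant_id,
        "region": cfg.get("tenant_region_scope"),
        "cloud_instance_name": cfg.get("cloud_instance_name"),
    }


def fetch_openid_config(domain: str, timeout: float = 10.0) -> str:
    """Download the discovery document for `domain` (network access required)."""
    url = DISCOVERY_URL.format(domain=domain)
    req = urllib.request.Request(url, headers={"User-Agent": "tenant-lookup-example/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def resolve_domains(domains, fetcher=fetch_openid_config) -> dict:
    """Map each domain to its parsed tenant info or to an {'error': ...} entry."""
    results = {}
    for domain in domains:
        try:
            results[domain] = parse_openid_config(fetcher(domain))
        except urllib.error.HTTPError as exc:
            # 400 with an AADSTS90002-style body means the domain is not a known tenant.
            results[domain] = {"error": f"HTTP {exc.code}"}
        except (urllib.error.URLError, ValueError) as exc:
            results[domain] = {"error": str(exc)}
    return results


if __name__ == "__main__":
    # Usage: python tenant_lookup.py example.com contoso.com
    for name, info in resolve_domains(sys.argv[1:]).items():
        print(name, info)
```

Because the endpoint is unauthenticated, this enumeration leaves no trace in the target tenant's sign-in logs; only Microsoft sees the requests.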