Stars
RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and reflection techniques for code injection. This PoC showcases…
An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector
A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.
BrowserSnatch is a powerful browser stealer or browser data extraction tool intended to be used for ethical hacking or penetration testing.
PoCs of RCEs against open source C2 servers
A shell that uses various methods to bypass Disable_functions and achieve command execution
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines
Decrypt GlobalProtect configuration and cookie files.
A set of programs for analyzing common vulnerabilities in COM
Remotely Enumerate sessions using undocumented Windows Station APIs
HookChain: A new perspective for Bypassing EDR Solutions
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the ori…
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization,…
Small and highly portable detection tests based on MITRE's ATT&CK.
Win32 and Kernel abusing techniques for pentesters
Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
Deserialization payload generator for a variety of .NET formatters
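Next-generation SKRoot, challenging every root detection method out there. It takes a completely different approach from Magisk, shedding Magisk's weakness of being detectable and hiding root functionality perfectly. It never needs to suspend SELinux at any point, achieving truly 0% contact with SELinux. It is highly general, works on all kernels, needs no kernel source, patches the kernel directly, is compatible with direct JNI calls from Android apps, and is stable, smooth, and crash-free.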
Load dll with undocumented functions and debug symbols
Weaponizing privileged file write bugs with Windows Problem Reporting