- Italy
- her0ness.github.io
- @Her0_IT
Stars
Rust Weaponization for Red Team Engagements.
Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process
.NET port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
Quickly discover exposed hosts on the internet using multiple search engines.
Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!
A Python based ingestor for BloodHound
Guaranteed compile-time string literal obfuscation header-only library for C++14
S4ntiagoP / donut
Forked from TheWover/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Creating a repository with all public Beacon Object Files (BoFs)
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
Pseudorandom AES-256 encryption designed to protect shellcode and arbitrary strings. C# and C/C++ compatible.
Loading and executing shellcode in C# without PInvoke.
An implementation and proof-of-concept of Process Forking.
OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
SolomonSklash / SourcePoint
Forked from Tylous/SourcePoint
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Slides, documentation, and files from my presentation at Red Team Village for HackerOne's hacktivitycon.
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, injects shellcode, hijacks the main thread with APC, and executes shellcode
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (AC…
Proof-of-concept obfuscation toolkit for C# post-exploitation tools
UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red Team's malware
ScareCrow - Payload creation framework designed around EDR bypass.

