A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.

Map remote .NET assemblies to memory for further invocation.

A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)

Sandboxie Plus & Classic

Spartacus DLL/COM Hijacking Toolkit

macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments…

Run PowerShell with rundll32. Bypass software restrictions.

Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do

Loads any C# binary in mem, patching AMSI + ETW.

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

Pentest Report Generator

🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.

Collection of tools that reflect the network dimension into Bloodhound's data

Active Directory Integrated DNS dumping by any authenticated user

PowerShell MachineAccountQuota and DNS exploit tools

StandIn is a small .NET35/45 AD post-exploitation toolkit

PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well.

Discover Printers

IOXIDResolver from AirBus Security/PingCastle

C# Data Collector for BloodHound

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command

PingCastle - Get Active Directory Security at 80% in 20% of the time

Lockless allows for the copying of locked files.

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.