Simple EDR that injects a DLL into a process to place a hook on specific Windows API

Using Chromium-based browsers as a proxy for C2 traffic.

A swiss army knife tool for running, injecting and organizing your BOFs collection

bof-launcher - a library for loading, executing and in-memory masking BOFs on Windows (x64, x86) and Linux (x64, x86, aarch64, arm). Ready to use in C/Zig/Rust/Go/C++ applications.

An LLVM Pass from Hikari-LLVM15

PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).

Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel

Proof of Concept for CVE-2025-8760

YARA signature and IOC database for my scanners and tools

Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data

Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀

A client library to interact with Windows RPC services such as MS-SRVS and MS-RRP.

Open source obfuscation tool for .NET assemblies

A .NET Framework 4.0 Windows Agent

VMware host modules for newest versions of the Linux kernel. Patched up with patches from AUR. All because Broadcom seems to be lazy.

Decode obfuscated ldap_default_authtok from sssd.conf

A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels.

Penelope Shell Handler

Reflective shellcode loaderwith advanced call stack spoofing and .NET support.

Go shellcode loader that combines multiple evasion techniques

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

A SimpleHTTPServer written in Go, enhanced with features and with a nice design - https://goshs.de

Run PowerShell with rundll32. Bypass software restrictions.

A tool to create a JScript file which loads a .NET v2 assembly from memory.

Attempt at Obfuscated version of SharpCollection

Library of BOFs to interact with SQL servers

A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations.