Category: Ethical Hacking
Eclipse Eclipse is a PoC that performs Activation Context hijack to load and run an arbitrary DLL in any desired process. Initially, this technique was created as a more flexible alternative to DLL Sideloading + DLL...
Cloak Cloak is a pluggable transport that works alongside traditional proxy tools like OpenVPN to evade deep-packet-inspection-based censorship. Cloak is not a standalone proxy program. Rather, it works by masquerading a proxy tool’s traffic as normal...
NachoVPN NachoVPN is a Proof of Concept that demonstrates exploitation of SSL-VPN clients, using a rogue VPN server. It uses a plugin-based architecture so that support for additional SSL-VPN products can be contributed by...
KrbRelayEx KrbRelayEx is a tool designed for performing Man-in-the-Middle (MitM) attacks by relaying Kerberos AP-REQ tickets. It listens for incoming SMB connections and forwards the AP-REQ to the target host, enabling access to SMB...
FaceGSM FaceGSM is designed for performing targeted adversarial attacks using the FGSM (Fast Gradient Sign Method) against facial recognition embedding models. FaceGSM revolutionizes security testing with a suite of innovative features, including: Static – Takes static images as input for FaceGSM. Capture – Takes an image captured by...
bettercap bettercap is a powerful, easily extensible, and portable framework written in Go which aims to offer security researchers, red teamers and reverse engineers an easy-to-use, all-in-one solution with all the features they...
KexecDDPlus This proof-of-concept is the result of a research project that aimed at extending the work of @floesen_ on the KsecDD Windows driver. It relies on Server Silos to access the KsecDD driver directly, without having...
Power Pwn Power Pwn is an offensive and defensive security toolset for Microsoft Power Platform. Disclaimer: These materials are presented from an attacker’s perspective to raise awareness of the risks of underestimating the security...
Linux Process Injection This repository contains proof-of-concept implementations of various Linux process injection primitives. This code is meant to provide simple examples of injection techniques in action, allowing defenders to understand how they work...
Fibratus Fibratus is a tool for exploration and tracing of the Windows kernel. It lets you trap system-wide events such as process life-cycle, file system I/O, registry modifications or network requests among many other observability signals. In a...
Spoofy Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records. You may be asking, “Why do we need another tool that can check if...
Ldapper A GoLang tool to enumerate and abuse LDAP. Made simple. Ldapper was created for use in offensive security engagements for user enumeration, group enumeration, and more. Ldapper uses familiar “net” commands such as...
NimPlant – A light first-stage C2 implant written in Nim and Python Feature Overview Lightweight and configurable implant written in the Nim programming language Pretty web GUI that will make you look cool...
Nuke It From Orbit With the precision of a brain surgeon wielding a chainsaw, nifo can obliterate most AV/EDR products from endpoints or servers running the world’s most popular operating system, even if they’re...
chisel Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). It is mainly useful for passing through firewalls, though it...
ShadowDumper Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service) memory, often needed in penetration testing and red teaming activities. It offers flexible options to users and uses...