Category: Open Source Tool
Sauron: Fast context enumeration for newly obtained Active Directory credentials. Why Sauron? When you obtain fresh credentials (password spraying, phishing, hash replay, etc.), the first thing you need is context: Who is this account...
Singularity is a powerful Linux Kernel Module (LKM) rootkit designed for modern 6.x kernels. It provides comprehensive stealth capabilities through advanced system call hooking via ftrace infrastructure. What is Singularity? Singularity is a sophisticated rootkit...
ChromeAlone is a browser implant that can be used in place of conventional implants like Cobalt Strike or Meterpreter. This repo provides a simple build process that will generate a management console, deploy infrastructure,...
OAuthSeeker is a red team tool for performing phishing attacks using malicious OAuth applications to compromise user identities within Microsoft Azure and Office365. Features OAuthSeeker provides the following key features: Azure App OAuth Phishing: Perform OAuth...
FusterCluck is a POC script for attacking failover clusters via the cluster API over RPC. The tool allows enumeration of cluster nodes and the state of cluster roles. If an attacker has control of...
BamboozlEDR: A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. BamboozlEDR features a TUI interface and can generate realistic security events across multiple Windows ETW providers to...
EntraGoat is a deliberately vulnerable Microsoft Entra ID infrastructure designed to simulate real-world identity security misconfigurations and attack vectors. EntraGoat introduces intentional vulnerabilities in your environment to provide a realistic learning platform for security professionals....
DCOMRunAs instantiates COM objects in the session of a logged-on user on a remote machine. By targeting a COM object subject to DLL hijacking and dropping a custom DLL at that path, the payload...
RedExt is a sophisticated browser data analysis framework designed for authorized red team operations. It combines a Manifest V3 Chrome extension with a Flask-based C2 server to provide comprehensive browser data collection and analysis...
RingReaper is a simple post-exploitation agent for Linux designed for those who need to operate stealthily, minimizing the chances of being detected by EDR solutions. The idea behind this project was to leverage io_uring, the new...
RAITrigger: The RPC function RAiForceElevationPromptForCOM from the appinfo.dll library allows SYSTEM coercion. This only works on domain-joined systems. It turns out that this function can be called from any low-privileged user (not to spawn a process) but to...
Golden dMSA: This tool exploits a new attack against delegated Managed Service Accounts called the “Golden DMSA” attack. The technique allows attackers to generate passwords for all associated dMSAs offline. Additional information is available...