Category: Open Source Tool
Kerlab A Rust implementation of Kerberos for FUn and Detection Kerlab was developed just to drill down into the Kerberos protocol and better understand it. The main purpose is to write more targeted detection rules. kerasktgt Kerberos Ask...
Jailer is an eBPF-based process jailing system that provides mandatory access control (MAC) for Linux. It tracks processes using BPF task_storage maps and enforces role-based policies on file access, network operations, and process execution....
JA4+ Network Fingerprinting JA4+ is a suite of network fingerprinting methods that are easy to use and easy to share. These methods are both human and machine-readable to facilitate more effective threat-hunting and analysis....
hollows_hunter Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). It is an application based on PE-sieve (a library version), so there is a big overlap...
systeminformer A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. Features A detailed overview of system activity with...
go-exploit: Go Exploit Framework go-exploit is an exploit development framework for Go. The framework helps exploit developers create small, self-contained, portable, and consistent exploits. Many proof-of-concept exploits rely on interpreted languages with complicated packaging...
VMkatz Extract Windows credentials directly from VM memory snapshots and virtual disks You are three weeks into a red team engagement. Your traffic crawls through a VPN, then bounces across four SOCKS proxies chained...
Microsoft-Extractor-Suite is a fully-featured, actively-maintained, PowerShell tool designed to streamline the process of collecting all necessary data and information from various sources within Microsoft. The following Microsoft data sources are supported: Unified Audit Log...
GraphRunner GraphRunner is a post-exploitation toolset for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and pillaging of data from a Microsoft Entra ID (Azure AD) account. It...
IronPE is a minimal Windows PE manual loader written in Rust for both x86 and x64 PE files. The goal of IronPE is to explore how Windows loads Portable Executables internally and to demonstrate...
TailVNC A Windows remote desktop persistence tool built on top of Tailscale’s WireGuard-encrypted mesh network. TailVNC embeds a fully self-contained VNC server and Tailscale node into a single binary, enabling secure remote desktop access...
PentAGI PentAGI is an innovative tool for automated security testing that leverages cutting-edge artificial intelligence technologies. The project is designed for information security professionals, researchers, and enthusiasts who need a powerful and flexible solution...