kibercthulhu's Stars
carlospolop/PEASS-ng
PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
zeek/zeek
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
microsoft/Detours
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
ElevenPaths/FOCA
Tool to find metadata and hidden information in the documents.
hfiref0x/KDU
Kernel Driver Utility
Accenture/Spartacus
Spartacus DLL/COM Hijacking Toolkit
login-securite/DonPAPI
Dumping DPAPI credz remotely
TrimarcJake/Locksmith
A small tool built to find and fix common misconfigurations in Active Directory Certificate Services.
Cracked5pider/ShellcodeTemplate
An easily modifiable shellcode template for Windows x64/x86
klezVirus/SilentMoonwalk
PoC Implementation of a fully dynamic call stack spoofer
redteamsocietegenerale/DLLirant
DLLirant is a tool to automate DLL Hijacking research on a specified binary.
wbenny/KSOCKET
KSOCKET provides a very basic example of how to make network connections in a Windows driver by using WSK
Maldev-Academy/HellHall
Performing Indirect Clean Syscalls
trustedsec/orpheus
Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types
Coldzer0/ReverseSock5Proxy
A tiny Reverse Sock5 Proxy written in C :V
MWR-CyberSec/PXEThief
PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager
tyranid/WindowsRpcClients
This repository is a collection of C# class libraries which implement RPC clients for various versions of the Windows Operating System from 7 to Windows 10.
jaredcatkinson/PSReflect-Functions
Module to provide PowerShell functions that abstract Win32 API functions
blasty/lexmark
D1rkMtr/FilelessNtdllReflection
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported API from the export table
SikretaLabs/BlueMap
An Azure Exploitation Toolkit for Red Team & Pentesters
enkomio/BrokenFlow
A simple PoC to invoke an encrypted shellcode by using a hidden call
bohops/RogueAssemblyHunter
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
dosxuz/PerunsFart
This is my own implementation of the Perun's Fart technique by Sektor7
DallasFR/WalkerGate
Find syscall
humio/security_monitoring
stufus/parse-mimikatz-log
A relatively flexible tool to parse mimikatz output
0xTriboulet/ZeroTotal
A collection of source code, binaries, and compilation scripts designed to bypass detection
MWR-CyberSec/configmgr-cryptderivekey-hashcat-module
Hashcat module that can crack a password used to derive an AES-128 key with CryptDeriveKey from CryptoAPI
EvanMcBroom/w32t-client
An example MS-W32T client to show how to use midl.exe in a project managed by CMake