Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints

M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response capabilities.

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Aims to identify sleeping beacons

WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler

A tabbed UI for Microsoft's Hyper-V

PowerShell Pass The Hash Utils

AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses

Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019

.net config loader

Azure JWT Token Manipulation Toolset

Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)

A Windows function hook detection / unhooking tool written in C.

The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

Fermion, an electron wrapper for Frida & Monaco.

Modify managed functions from unmanaged code

Patch AMSI and ETW

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom Java…

Contains decomplied code of all the .net dlls for framework 4.5

.NET embedding of Wasmtime https://bytecodealliance.github.io/wasmtime-dotnet/

The original sources of MS-DOS 1.25, 2.0, and 4.0 for reference purposes

POC for unauthenticated RCE in Aspect Unified Installation Assistant by Aspect Software found in 2021.

Shoggoth: Asmjit Based Polymorphic Encryptor

Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll

game of active directory

Aplos an extremely simple fuzzer for Windows binaries.

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

An LLVM/Clang/LLD based mingw-w64 toolchain

really ?