Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options

CaptainCredz is a modular and discreet password-spraying tool.

A suite of services (SOCKS, FTP, shell, etc.) over Citrix, VMware Horizon and native Windows RDP virtual channels.

Linux kernel rootkit

IPSpinner works as a local proxy that redirects requests through external services.

Payload development framework

LDAP library for auditing MS AD

Damn Vulnerable UEFI

Various tips & tricks

Make BASH stealthy and hacker friendly with lots of bash functions

real time face swap and one-click video deepfake with only a single image (uncensored)

Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.

A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

Rewrite to fit my needs

An easily modifiable shellcode template for Windows x64/x86

Security-oriented list of resources about industrial network protocols.

Python tool to check rootkits in Windows kernel

Neo-reGeorg is a project that seeks to aggressively refactor reGeorg

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)

👻Stowaway -- Multi-hop Proxy Tool for pentesters

Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection

BloodyAD is an Active Directory Privilege Escalation Framework

A BOF that runs unmanaged PEs inline

C# API for Nidhogg rootkit

Admin to Kernel code execution using the KSecDD driver