A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

A Nmap XSL implementation with Bootstrap.

Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.

Search exposed EBS volumes for secrets

📙 Markdown Templates for Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP exam report

A pandoc LaTeX template to convert markdown files to PDF or LaTeX.

Masters of Science in CyberSecurity Project

Small and highly portable detection tests based on MITRE's ATT&CK.

Send phishing messages and attachments to Microsoft Teams users

PowerShell runner for executing malicious payloads in order to bypass Windows Defender.

Callisto - An Intelligent Binary Vulnerability Analysis Tool

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share th…

Offensive Security OSCP, OSWP, OSEP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA Exam and Lab Reporting / Note-Taking Tool

Recurrent Neural Network SubDomain Discovery Tool

The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…

Common password pattern generator using strings list

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Use Python to download files from SQL Reporting Services using NTLM authentication.

A unique technique to execute binaries from a password protected zip

A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation

Youtube as covert-channel - Control systems remotely and execute commands by uploading videos to Youtube

Exfiltration based on custom X509 certificates

Converts Python source to C#

Collection of malware source code for a variety of platforms in an array of different programming languages.

A simple remote tool in C#.

A collection of modern/faster/saner alternatives to common unix commands.

Joplin - the privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS.