Zombie Ant Farm: Primitives and Offensive Tooling for Linux EDR evasion.

Hybrid AD utilities for ROADtools

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

A set of fully-undetectable process injection techniques abusing Windows Thread Pools

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

Azure Data Exporter for BloodHound

Azure DevOps Services Attack Toolkit

Azure DevOps Services Attack Toolkit

Deserialization payload generator for a variety of .NET formatters

Extension functionality for the NightHawk operator client

Extension functionality for the NightHawk operator client

Open Resource Files in Armitage with Cortana

Active Directory certificate abuse.

Mimikatz implementation in pure Python

Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly

Fermion, an electron wrapper for Frida & Monaco.

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

LibreHealth v2.0.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting webserver via uploading a maliciously crafted…

Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for North Korean APT InkySquid / ScarCruft / APT37. TTP: Use Mi…

RCE exploit for CVE-2023-3519

Decrypt encrypted Fortienet FortiOS firmware images

A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3.

An exploit for CVE-2022-42475, a pre-authentication heap overflow in Fortinet networking products

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+Bloc…

POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon

Safely detect whether a FortiGate SSL VPN instance is vulnerable to CVE-2023-27997 based on response timing

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, a…

LOLAPPS is a compendium of applications that can be used to carry out day-to-day exploitation.

Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes