Stars
Userland exec PoC to be used as attack vector technique
A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory
Proof-of-concept implementation of AI-enabled postex DLLs
Run PowerShell command without invoking powershell.exe
Autonomous Assumed Breach Penetration-Testing Active Directory Networks
Remote DLL Injection with Timer-based Shellcode Execution
A collection of awesome resources related AI security
Collection of agent skills that turn your AI coder into a SAST scanner
Stage-aware security skills for Codex, Claude Code, and OpenCode, with explicit compatibility guidance for Cursor and Kilo.
Find, verify, and analyze leaked credentials
yenick514 / KslKatz
Forked from vergamota/KslKatzCombining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-si…
Ghostsurf is a powerful tool for online privacy and anonymity. With features like anonymous browsing and encrypted communication, it empowers users to navigate the internet securely, leveraging the…
Extract URLs, paths, secrets, and other interesting bits from JavaScript
The samples referenced in my book, Evasive Malware (No starch Press)
Discover how every _CL table gets its data into Microsoft Sentinel. Scans Logic Apps, Azure Functions, AMA agents, Arc machines, DCRs, and diagnostic settings. Generates a self-contained HTML repor…
(Ulusal Siber Olaylara Müdahale Merkezi Kara Liste Uygulaması) Kullanıcının Tarayıcısından girdiği site bağlantısının USOM Zararlı Bağlantılar arasındaysa kullanıcıya uyarı veren eklenti.
Telephasma is an OSINT-focused tool designed to automate the analysis of Telegram gift exchange behavior. It replaces manual profile-by-profile investigation by systematically correlating gifting p…
Step through PE functions or shellcode instruction-by-instruction (amd64)
Independent technology for modern publishing, memberships, subscriptions and newsletters.
Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Coba…
Stage-aware security skills for Codex that surface planning gaps, offer opt-in reviews, and help teams ship safer code without pretending to certify security.
The ultimate Red Team toolkit for phishing operations.
PowerShell SharePoint extraction + auditing tool for red/blue/purple teams. Enumerates all SharePoint sites/drives a user can access via Microsoft Graph, recursively downloads files, and logs every…