- HvS Consulting AG
- Munich
- https://edermi.github.io
- @michael_eder_
Starred repositories

- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
- Identify common EDR processes, directories, and services. Simple BOF port of Invoke-EDRChecker.
- Tool to decrypt App-Bound encrypted keys in Chrome 127+, using the IElevator COM interface with path validation and encryption protections.
- Records an executable's network activity into a full packet capture file (.pcap) and much more.
- Tool designed to find folder exclusions in Windows Defender using the command-line utility MpCmdRun.exe as a low-privileged user, without relying on event logs
- A PowerShell AMSI bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking, or Import Address Table (IAT) modification.
- ServiceLens is a Python tool for analyzing services linked to Microsoft 365 domains. It scans DNS records like SPF and DMARC to identify services, categorizing them into Email, Cloud, Security, and…
- A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications. This can be done without requiring access to the SCCM server.
- A tiny tool built to help AD admins safely utilize the Protected Users group.
- Living-off-the-land searches for Explorer and SharePoint
- Extract and execute a PE embedded within a PNG file using an LNK file.
- Dynamically resolve API function addresses at runtime in a secure manner.
- Assess the security of your Active Directory with few or all privileges.
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables tha…
- Python3 rewrite of the AsOutsider features of AADInternals
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.
- Rust library for performing remote process injection, originally written for use in the Tempest C2 project
- Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀
- Executing a .NET Assembly from C++ in Memory (CLR Hosting)
- Automated exploitation of MSSQL servers at scale
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callb…
- Some Rust programs I wrote while learning malware development
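The ServiceLens entry above describes identifying third-party services from a domain's SPF and DMARC records. The following is an added example of that approach, written for this page and not ServiceLens's own code: it pulls the `include:`/`redirect=` domains out of an SPF record and the `rua`/`ruf` report domains out of a DMARC record, then buckets them by a lookup table. The two TXT records are constructed sample data (a real run would fetch them via DNS), and the `KNOWN_SERVICES` table is an illustrative assumption, not the tool's actual service list.

```python
"""Added example (not ServiceLens code): categorise third-party services
referenced by a domain's SPF and DMARC TXT records."""
import re
from typing import Dict, List

# Constructed sample TXT records; a real scan would resolve
# TXT <domain> and TXT _dmarc.<domain> instead.
SAMPLE_SPF = ("v=spf1 include:spf.protection.outlook.com "
              "include:_spf.salesforce.com include:mail.zendesk.com "
              "ip4:203.0.113.0/24 -all")
SAMPLE_DMARC = ("v=DMARC1; p=reject; "
                "rua=mailto:dmarc@example.com,mailto:rua@dmarc.proofpoint.com; "
                "ruf=mailto:dmarc@example.com")

# Assumed category table for illustration only (vendor name, category).
KNOWN_SERVICES = {
    "spf.protection.outlook.com": ("Microsoft 365 Exchange Online", "Email"),
    "_spf.salesforce.com": ("Salesforce", "Cloud"),
    "mail.zendesk.com": ("Zendesk", "Cloud"),
    "dmarc.proofpoint.com": ("Proofpoint DMARC reporting", "Security"),
}


def spf_domains(spf: str) -> List[str]:
    """Domains named by include:/a:/mx:/exists: mechanisms or redirect= in an SPF record."""
    if not spf.lower().startswith("v=spf1"):
        return []
    found: List[str] = []
    for term in spf.split()[1:]:
        term = term.lstrip("+-~?")  # drop the SPF qualifier, e.g. "-all" -> "all"
        m = re.fullmatch(r"(include|a|mx|exists):([^/]+)(?:/\d+)?", term, re.I)
        if m:
            found.append(m.group(2).lower())
            continue
        m = re.fullmatch(r"redirect=(.+)", term, re.I)
        if m:
            found.append(m.group(1).lower())
    return found


def dmarc_report_domains(dmarc: str) -> List[str]:
    """Domains of the mailto: addresses in the rua= and ruf= tags of a DMARC record."""
    if not dmarc.lower().startswith("v=dmarc1"):
        return []
    found: List[str] = []
    for tag in dmarc.split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip().lower() not in ("rua", "ruf"):
            continue
        for uri in value.split(","):
            uri = uri.strip()
            if uri.lower().startswith("mailto:"):
                addr = uri[len("mailto:"):].split("!")[0]  # strip optional size limit
                found.append(addr.rsplit("@", 1)[-1].lower())
    return found


def classify(domains: List[str], own_domain: str) -> Dict[str, List[str]]:
    """Group referenced domains by category; unrecognised third parties go to 'Unknown'."""
    result: Dict[str, List[str]] = {"Email": [], "Cloud": [], "Security": [], "Unknown": []}
    for d in dict.fromkeys(domains):  # de-duplicate while keeping order
        if d == own_domain or d.endswith("." + own_domain):
            continue  # the organisation's own infrastructure, not a third-party service
        name, category = KNOWN_SERVICES.get(d, (d, "Unknown"))
        result[category].append(name)
    return result


def analyse(spf: str, dmarc: str, own_domain: str) -> Dict[str, List[str]]:
    """Full pipeline: SPF + DMARC domains -> categorised service list."""
    return classify(spf_domains(spf) + dmarc_report_domains(dmarc), own_domain)


if __name__ == "__main__":
    for category, services in analyse(SAMPLE_SPF, SAMPLE_DMARC, "example.com").items():
        print(f"{category}: {', '.join(services) or '-'}")
```

Mechanisms such as `ip4:` and `all` carry no domain and are skipped; anything under the organisation's own domain is filtered out so only genuinely external services are reported, which is the signal a reconnaissance tool of this kind is after.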