Attack and defend active directory using modern post exploitation adversary tradecraft activity

The Official USB Rubber Ducky Payload Repository

Community-driven baseline to accelerate Intune adoption and learning.

Copy, export, import, delete, document and compare policies and profiles in Intune and Azure with PowerShell script and WPF UI. Import ADMX files and registry settings with ADMX ingestion. View and…

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.

Open source codebase powering the HuggingChat app

PowerSploit - A PowerShell Post-Exploitation Framework

Nidhogg is an all-in-one simple to use windows kernel rootkit.

Metadata harvester

Enumerate Domain Data

A little tool to play with Windows security

.NET Project for performing Authenticated Remote Execution

Empire is a PowerShell and Python post-exploitation agent.

Fileless attack with persistence

TaskMgr Volatile Environment LPE

.NET 4.0 CLR Project to retrieve Chromium data, such as cookies, history and saved logins.

Impacket is a collection of Python classes for working with network protocols.

Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Kerberos unconstrained delegation abuse toolkit

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.