This repository provides penetration testers and red teams with an extensive collection of dynamic phishing templates designed specifically for use with Evilginx3. May be updated periodically.

Extract URLs, paths, secrets, and other interesting bits from JavaScript

A very simple lab to demo some Terraform, DSC, Inspec and Gitlab CI

A swiss army knife for pentesting networks

A collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object

Real fucking shellcode encryptor & obfuscator tool

An open-source, free protector for .NET applications

Malicious Shortcut(.lnk) Generator

This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.

A more reliable way of resolving syscall numbers in Windows

A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.

scan for NTLM directories

An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform

Execute shellcode from a remote-hosted bin file using Winhttp.

Lateral Movement Using DCOM and DLL Hijacking

Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2

Windows API Hashing Proof of Concept in C++

A collection of tools Neil and Andy have been working on released in one place and interlinked with previous tools

An IIS short filename enumeration tool

A tool to recover content from files encrypted with intermittent encryption

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting infor…

Custom Query list for the Bloodhound GUI based off my cheatsheet

Find DLLs with RWX section

A keystroke logger targeting the Remote Desktop Protocol (RDP) related processes, It utilizes a low-level keyboard input hook, allowing it to record keystrokes in certain contexts (like in mstsc.ex…

Asset inventory of over 800 public bug bounty programs.

Steganography (LSB) on MPEG-4 Part 14 format video files.