Stars
Web UI for training and running open models like Gemma 4, Qwen3.5, DeepSeek, gpt-oss locally.
High-performance browser automation bridge and multi-instance orchestrator with advanced stealth injection and real-time dashboard.
A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
Decrypt GlobalProtect configuration and cookie files.
Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance.
Egress-Assess is a tool used to test egress data detection capabilities
bbs is a router for SOCKS and HTTP proxies. It exposes a SOCKS5 (or HTTP CONNECT) service and forwards incoming requests to proxies or chains of proxies based on the request's target. Routing can b…
Research into Undocumented Behavior of Azure AD Refresh Tokens
PoC to coerce authentication from Windows hosts using MS-WSP
A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy.
DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.
Python version of the C# tool for "Shadow Credentials" attacks
Situational Awareness commands implemented using Beacon Object Files
Python based Bloodhound data converter from the legacy pre 4.1 format to 4.1+ format