PowerSploit - A PowerShell Post-Exploitation Framework

Six Degrees of Domain Admin

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Empire is a PowerShell and Python post-exploitation agent.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetN…

The Official USB Rubber Ducky Payload Repository

Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers.

Red Teaming Tactics and Techniques

PowerShell Obfuscator

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…

A repository of sysmon configuration modules

A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes.

My musings with PowerShell

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

PowerTools is a collection of PowerShell projects with a focus on offensive operations.

A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.

The goal of this repository is to document the most common techniques to bypass AppLocker.

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAR…

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

A post-exploitation powershell tool for extracting juicy info from memory.

A tool for checking if MFA is enabled on multiple Microsoft Services

Chimera is a PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.

Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications in the Azure/m365 environment.

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as wel…

A PowerShell script anti-virus evasion tool

A collection of Red Team focused tools, scripts, and notes

Open source C2 server created for stealth red team operations

Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events…