Lists (32)
AD/ADCS
AdversarySimulation
AMSI and ETW
APT / Threat Intel
asm windows
AV
AWS/Azure/Microsoft GraphAPI/GCP
C/cpp
C#/ps1
C2
COM
DevSecOps, identity focused tool
Dll hijacking
EDR
🔮 Future ideas
go
InitialAccess
IR and Forensics
Linux kernel and macOS repo
LSASS | CG | PPL | Kernel Callback
MalwareAnalysis&RE
Resources related to Malware Analysis and RE
Offensive AI
OSINT
Pentest/Exploitation
post exp
RedTeam
SAAS/Oauth/PurpleTeam
shellcode
threatDetect
UAC Bypass
Win Platform Security feature
Credential Guard | CFG | PatchGuard | DSE
Windows Kernel driver
Starred repositories
Boot-to-Breach red team lab on AWS. Mythic, Sliver, and Havoc C2 behind a production-style Apache redirector. Deployed via Terraform, to be used for training/self-hosted environments.
Data pipelines for cloud config and security data. Build cloud asset inventory, CSPM, FinOps, and vulnerability management solutions. Extract from AWS, Azure, GCP, and 70+ cloud and SaaS sources.
A comprehensive framework for analyzing and defending against attacks targeting Software Development Life Cycle Infrastructure.
Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading a C# port of ProxyBlob Agent.
Hands-on projects for beginners to learn and practice Active Directory monitoring using various tools.
Security automation with n8n ideas: 100+ Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.
AutoPentestX – Automated Pentesting & Vulnerability Reporting Tool
Convert Microsoft Defender Antivirus Signatures (VDM) into SQL DB
Some KQL queries for Advanced Hunting
A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more efficient.
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
C2-agnostic BOF collection, categorized by attack chain phase. Designed to be small and modular, allowing for quick execution and automation.
Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC…
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
Adversary tradecraft detection, protection, and hunting
A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, XSS, Dread, & more
Code included as part of the MustLearnKQL blog series
Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks that functi…