abusing windows toast notifications for fun and user manipulation

This cheatsheet maps common impacket workflows to their modern alternatives

CTRL-ESC-HOST is an assessment methodology for testing for security flaws in Kiosks and Presented Applications.

A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and static signature removal.

Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator

Overview of MS Defender

Unwaf is a Go tool designed to help identify WAF bypasses using passive techniques, such as: SPF records and DNS history. By default, Unwaf will check SPF records.

dcsync bof

Project for generating and identifying deceptive LNK files.

Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.

Identify Azure AD resources that issue tokens without MFA enforcement using the ROPC grant flow.

SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…

BOF to steal Teams cookies

A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.

A BOF that's a BOF Loader

Bypass WiFi client isolation on Open and WPA2-PSK networks

ClickForClickOnce - Generate configurable clickonce payloads

adws enumeration bof

IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare

A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass

Payloads for AI Red Teaming and beyond

Random BOFs for LDAP tradecraft

load shellcode without P/D Invoke and VirtualProtect call.

A tool to transform Chromium browsers into a C2 Implant

Beacon Object File (BOF) to retrieve and decrypt the the LAPSv2 password from the Windows Active Directory and Microsoft Azure/Entra Active Directory.

A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike

Local SYSTEM auth trigger for relaying - X