Tools for Kerberos PKINIT and relaying to AD CS

Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines

Process injection alternative

Kernel mode WinDbg extension and PoCs for token privilege investigation.

Ask a TGS on behalf of another user without password

Octoscan is a static vulnerability scanner for GitHub action workflows.

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

A collection of awesome one-liner scripts especially for bug bounty tips.

Pre-Built Vulnerable Environments Based on Docker-Compose

PowerShell rebuilt in C# for Red Teaming purposes

An automated phishing tool with 30+ templates. This Tool is made for educational purpose only ! Author will not be responsible for any misuse of this toolkit !

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Web Application Firewall Testing Framework - Go version

Testing datasets and tools to compare WAF efficacy

🔥 Web-application firewalls (WAFs) from security standpoint.

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.

I will update it soon for now. Abuse Github issue comment attachment to use GitHub as a stealthy C2

The Network Execution Tool

A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.

OWASP PTK - application security browser extension.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…

Automated Adversary Emulation Platform

A curated list of GPT agents for cybersecurity

An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer

A curated list of free courses & certifications.

shellcode loader for your evasion needs

Fast and configurable TLS grabber focused on TLS based data collection.

A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell.

getsystem via parent process using ps1 & embeded c#