Lists (32)
AD/ADCS
AdversorySimulation
AMSI and ETW
APT / Threat Intel
asm windows
AV
AWS/Azure/Microsoft GraphAPI/GCP
C/cpp
C#/ps1
C2
COM
DevSecOps, identity focused tool
Dll hijacking
EDR
🔮 Future ideas
go
IntialAccess
IR and Forensics
Linux kernel and macOS repo
LSASS | CG | PPL | Kernel CalBak
MalwareAnalysis&RE
Resources related to Malware Analysis and RE
Offensive AI
OSINT
Pentest/Exploitation
post exp
RedTeam
SAAS/Oauth/PurpleTeam
shellcode
threatDetect
UAC Bypass
Win Platform Security feature
Credential Guard | CFG | PatchGuard | DSE
Windows Kernel driver
Starred repositories
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC…
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
Adversary tradecraft detection, protection, and hunting
A collection of intel and usernames scraped from various cybercrime sources & forums. DarkForums, HackForums, Patched, Cracked, BreachForums, LeakBase, & more
Code included as part of the MustLearnKQL blog series
Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks that functi…
ashley-920 / funcap-ida9
Forked from deresz/funcap
Update funcap to be able to run in IDA 9.1
Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and storing them inside images or videos. A lightweight loader …
Windows Driver designed to validate the integrity of User-Mode call stacks from Ring 0 (AMD IBS / Instruction Based Sampling)
UAC Bypass using UIAccess program QuickAssist
Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By following this approach, a security researcher will hopeful…
JA4+ is a suite of network fingerprinting standards
Windows User-Mode Shellcode Development Framework (WUMSDF)
A Model Context Protocol server that connects AI assistants like Claude to AWS security services, allowing them to autonomously query, inspect, and analyze AWS infrastructure for security issues an…
Venom C2 is a dependency‑free Python3 Command & Control framework for redteam persistence
Collection of Cyber Threat Intelligence sources from the deep and dark web
Bypass YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.
Basic network sec tool for real-time threat detection and C2 communication prevention. Features 70+ detection modules, IOC integration, customizable alerts, and a dashboard with analytics. API-read…
Project developed for fun only that simulates APT 29 and LockBit TTPs, showcasing phishing, ISO execution, and DLL proxying for persistence and privilege escalation.