Signature Kid is a header only tool that steals a signature from a file and copy it to whathever file you want.
Beyond Stealing, Signature Kid goes a step further by Windows Internal to trick the system to treat the copied signature as valid.
https://github.com/dslee2022/SignatureKid
Beyond Stealing, Signature Kid goes a step further by Windows Internal to trick the system to treat the copied signature as valid.
https://github.com/dslee2022/SignatureKid
GitHub
GitHub - dslee2022/SignatureKid
Contribute to dslee2022/SignatureKid development by creating an account on GitHub.
BaldHead is a modular and interactive Active Directory (AD) attack framework built for red teamers and security testers. It automates enumeration and exploitation of AD misconfigurations
https://github.com/ahmadallobani/BaldHead
https://github.com/ahmadallobani/BaldHead
GitHub
GitHub - ahmadallobani/BaldHead: BaldHead is a modular and interactive Active Directory (AD) attack framework built for red teamers…
BaldHead is a modular and interactive Active Directory (AD) attack framework built for red teamers and security testers. It automates enumeration and exploitation of AD misconfigurations - ahmadall...
Decrypt SCCM and DPAPI secrets with Powershell.
https://github.com/The-Viper-One/Invoke-PowerDPAPI
https://github.com/The-Viper-One/Invoke-PowerDPAPI
GitHub
GitHub - The-Viper-One/Invoke-PowerDPAPI: Decrypt SCCM and DPAPI secrets with Powershell.
Decrypt SCCM and DPAPI secrets with Powershell. . Contribute to The-Viper-One/Invoke-PowerDPAPI development by creating an account on GitHub.
This media is not supported in your browser
VIEW IN TELEGRAM
This is PoC for CVE-2025-48799, an elevation of privilege vulnerability in Windows Update service.
https://github.com/Wh04m1001/CVE-2025-48799
https://github.com/Wh04m1001/CVE-2025-48799
Client-side Encrypted Upload Server Python Script
https://github.com/vysecurity/ExfilServer
https://github.com/vysecurity/ExfilServer
GitHub
GitHub - vysecurity/ExfilServer: Client-side Encrypted Upload Server Python Script
Client-side Encrypted Upload Server Python Script. Contribute to vysecurity/ExfilServer development by creating an account on GitHub.
Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.
https://github.com/Semperis/GoldenDMSA
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
https://github.com/Semperis/GoldenDMSA
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
GitHub
GitHub - Semperis/GoldenDMSA: This tool exploits Golden DMSA attack against delegated Managed Service Accounts.
This tool exploits Golden DMSA attack against delegated Managed Service Accounts. - Semperis/GoldenDMSA
CVE-2025-53770 exploit
https://github.com/soltanali0/CVE-2025-53770-Exploit
https://github.com/soltanali0/CVE-2025-53770-Exploit
GitHub
GitHub - soltanali0/CVE-2025-53770-Exploit: SharePoint WebPart Injection Exploit Tool
SharePoint WebPart Injection Exploit Tool. Contribute to soltanali0/CVE-2025-53770-Exploit development by creating an account on GitHub.
PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph
https://github.com/SpecterOps/MSSQLHound
https://github.com/SpecterOps/MSSQLHound
GitHub
GitHub - SpecterOps/MSSQLHound: PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph
PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph - SpecterOps/MSSQLHound
TAP SSH VPN - this will allow you to VPN your machine into the remote TAP device through a reverse SSH tunnel.
https://github.com/trustedsec/tap/blob/master/noscripts/ssh-tunnel.sh
https://github.com/trustedsec/tap/blob/master/noscripts/ssh-tunnel.sh
GitHub
tap/noscripts/ssh-tunnel.sh at master · trustedsec/tap
The TrustedSec Attack Platform is a reliable method for droppers on an infrastructure in order to ensure established connections to an organization. - trustedsec/tap
Your template-based BloodHound terminal companion tool
https://github.com/fin3ss3g0d/cypherhound
https://github.com/fin3ss3g0d/cypherhound
GitHub
GitHub - fin3ss3g0d/cypherhound: Your template-based BloodHound terminal companion tool
Your template-based BloodHound terminal companion tool - fin3ss3g0d/cypherhound
Weaponize DLL hijacking easily. Backdoor any function in any DLL
https://github.com/Print3M/DllShimmer
https://github.com/Print3M/DllShimmer
GitHub
GitHub - Print3M/DllShimmer: Weaponize DLL hijacking easily. Backdoor any function in any DLL.
Weaponize DLL hijacking easily. Backdoor any function in any DLL. - Print3M/DllShimmer
you can call something like NtAllocateVirtualMemoryEx without ever touching ntdll!
https://github.com/whokilleddb/function-collections/blob/main/winapi_alternatives/NtAllocateMemoryEx/main.c
https://github.com/whokilleddb/hoontr
https://github.com/whokilleddb/function-collections/blob/main/winapi_alternatives/NtAllocateMemoryEx/main.c
https://github.com/whokilleddb/hoontr
GitHub
function-collections/winapi_alternatives/NtAllocateMemoryEx/main.c at main · whokilleddb/function-collections
A collection of PoCs to do common things in unconventional ways - whokilleddb/function-collections
Group Policy Objects manipulation and exploitation framework
https://github.com/synacktiv/GroupPolicyBackdoor
https://github.com/synacktiv/GroupPolicyBackdoor
GitHub
GitHub - synacktiv/GroupPolicyBackdoor: Group Policy Objects manipulation and exploitation framework
Group Policy Objects manipulation and exploitation framework - synacktiv/GroupPolicyBackdoor
Named in homage to pwndrop, pwnlift is a simple dotnet server application for uploading files from a desktop without the use of a C2. Useful if you have a console access to a machine and need to take files offline for analysis (such as Code Integrity Policy files).
https://github.com/rasta-mouse/pwnlift
https://github.com/rasta-mouse/pwnlift
GitHub
GitHub - rasta-mouse/pwnlift: Easy peasy file uploads
Easy peasy file uploads. Contribute to rasta-mouse/pwnlift development by creating an account on GitHub.
Comprehensive Windows Syscall Extraction & Analysis Framework
https://github.com/xaitax/NTSleuth
https://github.com/xaitax/NTSleuth
GitHub
GitHub - xaitax/NTSleuth: Comprehensive Windows Syscall Extraction & Analysis Framework
Comprehensive Windows Syscall Extraction & Analysis Framework - xaitax/NTSleuth
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130)
https://github.com/BitsByWill/ksmbd-n-day
https://github.com/BitsByWill/ksmbd-n-day
GitHub
GitHub - BitsByWill/ksmbd-n-day: Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130
Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130 - BitsByWill/ksmbd-n-day
EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
https://github.com/TwoSevenOneT/EDR-Freeze
https://github.com/TwoSevenOneT/EDR-Freeze
GitHub
GitHub - TwoSevenOneT/EDR-Freeze: EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state.
EDR-Freeze is a tool that puts a process of EDR, AntiMalware into a coma state. - TwoSevenOneT/EDR-Freeze