EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Kernel callbacks and …

EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Kernel callbacks and …
DRAKVUF Sandbox is an automated black-box malware analysis system with DRAKVUF engine under the hood, which does not require an …
This PoC was ported in pure PowerShell: https://github.com/DarkCoderSc/power-brute-logon Release date: 2020-05-14 Target: Windows XP to Latest Windows 10 Version (1909) …
lsarelayx is system wide NTLM relay tool designed to relay incoming NTLM based authentication to the host it is running …
DetectionLabELK is a fork from Chris Long’s DetectionLab with ELK stack instead of Splunk. Description: DetectionLabELK is the perfect lab …
Deploy a small, intentionally insecure, vulnerable Windows Domain for RDP Honeypot fully automatically. Runs on self-hosted virtualization using libvirt with …
A tool for generating multiple types of NTLMv2 hash theft files. ntlm_theft is an Open Source Python3 Tool that generates …
FalconEye is a windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch …
This tool implements a userland exploit that was initially discussed by James Forshaw (a.k.a. @tiraniddo) – in this blog post …
StandIn is a small AD post-compromise toolkit. StandIn came about because recently at xforcered we needed a .NET native solution …