Offensive Security for Windows

A comprehensive repository of red teaming resources including cheatsheets, detailed notes, automation scripts, and practice platforms covering multiple cybersecurity domains.

A command line utility for managing volume shadow copies with capabilities for evasion, persistence, and file extraction.

SigThief extracts digital signatures from signed PE files and appends them to other files to create invalid signatures for testing Anti-Virus detection mechanisms.

SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.

A shellcode generator that creates position-independent code for loading and executing .NET Assemblies, PE files, and Windows payloads from memory.

Fridump is an open source memory dumping tool that uses the Frida framework to extract accessible memory addresses from iOS, Android, and Windows applications for security testing and analysis.

A Windows kernel driver intentionally designed with various vulnerabilities to help security researchers practice kernel exploitation techniques.

Open source application for retrieving passwords stored on a local computer with support for various software and platforms.

PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.

A list of Windows privilege escalation techniques, categorized and explained in detail.

A collection of precompiled Windows exploits for privilege escalation.

Participation in the Red Team for Pacific Rim CCDC 2017 with insights on infrastructure design and competition tips.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

Tool for deleting logs on Linux/Windows servers.

A tool that exposes the functionality of the Volume Shadow Copy Service (VSS) for creation, enumeration, and manipulation of volume shadow copies, with features for persistence and evasion.

Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.

A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.

Darkarmour is an open-source Windows antivirus evasion framework that enables security professionals to bypass antivirus detection through customizable obfuscation and anti-analysis techniques.

A comprehensive repository of payloads and bypass techniques for web application security testing and penetration testing across multiple platforms and attack vectors.

A powerful tool for extracting passwords and performing various Windows security operations.

PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.

Abusing SCF files to gather user hashes from an unauthenticated writable Windows-based file share.

A next generation version of enum4linux with enhanced features for enumerating information from Windows and Samba systems.

TikiTorch is a process injection tool that executes code within the address space of other processes using various injection techniques.