Post Exploitation

Threat emulation tool for adversary simulations and red team operations

A comprehensive educational resource that provides structured guidance on penetration testing methodology, tools, and techniques organized around the penetration testing attack chain.

A post-exploitation framework for attacking AWS infrastructure, enabling attacks on EC2 instances without SSH keypairs and extraction of AWS secrets and parameters.

Open source application for retrieving passwords stored on a local computer with support for various software and platforms.

A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.

PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.

CloudCopy implements a cloud version of the Shadow Copy attack to extract domain user hashes from AWS-hosted domain controllers by creating and mounting volume snapshots.

A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.

A bash script for automating Linux swap analysis for post-exploitation or forensics purposes.

Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.

A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.

InvisibilityCloak is a proof-of-concept C# code obfuscation toolkit designed for red teaming and penetration testing to conceal post-exploitation tools from detection.

A Linux process injection tool that uses ptrace() to inject assembly-based shellcode into running processes without NULL byte restrictions.

SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.

A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.

A post-exploitation framework designed to operate covertly on heavily monitored environments.

Anti-forensics tool for Red Teamers to erase footprints and test incident response capabilities.

A comprehensive .NET post-exploitation library designed for advanced security testing.

SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.

A PowerShell toolkit for penetration testing Microsoft Azure environments, providing discovery, configuration auditing, and post-exploitation capabilities.

Pupy is an open-source, cross-platform C2 framework that provides remote access and control capabilities for compromised systems across Windows, Linux, OSX, and Android platforms.

A post-exploitation tool for pentesting Active Directory

A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.

GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.