Stars
Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows
BadAssMacros - C# based automated Malicious Macro Generator.
This repo covers some code execution and AV Evasion methods for Macros in Office documents
A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
Collection of UAC Bypass Techniques Weaponized as BOFs
Weaponizing for privileged file writes bugs with windows problem reporting
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments…
A C++ header-only HTTP/HTTPS server and client library
Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
Get up and running with Llama 3.3, DeepSeek-R1, Phi-4, Gemma 3, and other large language models.
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
Open-source Windows and Office activator featuring HWID, Ohook, TSforge, KMS38, and Online KMS activation methods, along with advanced troubleshooting.
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
A tool for generating multiple types of NTLMv2 hash theft files by Jacob Wilkin (Greenwolf)
Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
This repo contains some Amsi Bypass methods I found on different Blog Posts.
rasta-mouse / ThreatCheck
Forked from matterpreter/DefenderCheck
Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares
The PoCs source code for the "Java(Script) Drive-By, Hacking Without 0days" blog post.
.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers