A curated collection of Living off the Land (LotL) attack demonstrations where trusted binaries go rogue, because if it didn’t launch calc.exe, did it even happen?
☆35Jan 7, 2026Updated last month
Alternatives and similar repositories for CalcOrItDidntHappen
Users that are interested in CalcOrItDidntHappen are comparing it to the libraries listed below
Sorting:
- Cobalt Strike notifications via NTFY.☆15Sep 24, 2024Updated last year
- Simple reverse ICMP shell☆14Apr 30, 2024Updated last year
- ☆14Aug 21, 2022Updated 3 years ago
- AWS X-Ray for Covert Command & Control☆45Oct 13, 2025Updated 4 months ago
- List of scripts used for malware analysis☆15Aug 10, 2015Updated 10 years ago
- This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode☆27Jun 25, 2024Updated last year
- Searching .evtx logs for remote connections☆24Jul 6, 2023Updated 2 years ago
- Scanner for the SharePoint CVE-2025-53770 RCE zero day vulnerability.☆44Feb 10, 2026Updated 3 weeks ago
- ☆23Jul 7, 2023Updated 2 years ago
- Dump Kerberos tickets☆45Aug 4, 2025Updated 7 months ago
- Talk given at DerbyCon and RuxCon 2016☆23Sep 23, 2016Updated 9 years ago
- POC tool to abuse windows server failover clusters☆55Aug 7, 2025Updated 6 months ago
- PowerShell Empire module for logging USB keystrokes via ETW☆32Nov 11, 2016Updated 9 years ago
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆97Jan 21, 2026Updated last month
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- Manage user's subscriptions based on invitation.☆12Sep 25, 2023Updated 2 years ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- The dragon in the dark. A red team post exploitation framework for testing security controls during red team assessments.☆460Feb 25, 2026Updated last week
- Remote process dumping automation. Use it to dump Windows credentials remotely and extract clear text with Mimikatz offline☆35Jan 3, 2020Updated 6 years ago
- Automated remote exports (snapshots) for your Bitwarden vault☆10Jun 14, 2024Updated last year
- A complete system to deploy functional Honeypots to all infrastructures that needs to be notified when something anomalous occur☆10Feb 8, 2022Updated 4 years ago
- Proof of Concepts for malicious maintainers: How to Tamper with Releases built with GitHub Actions Worfklows, presented at fwd:cloudsec E…☆78Sep 16, 2025Updated 5 months ago
- My python3 implementation of a Forward Shell☆36Jan 25, 2019Updated 7 years ago
- Remote DLL Injection with Timer-based Shellcode Execution☆154Jul 18, 2025Updated 7 months ago
- GPO Bypass is a tool / proof-of-concept that highlights how one can bypass Group Policy enforced policies. It uses Firefox as an example.☆14Jan 28, 2023Updated 3 years ago
- ☆14Mar 10, 2021Updated 4 years ago
- Download full episodes directly from Nickelodeon's servers☆10Nov 27, 2020Updated 5 years ago
- CyberSniff Desktop Client☆18Jul 13, 2022Updated 3 years ago
- This is an update for wvthoog proxmox vGPU script with extended driver Supports☆14May 7, 2025Updated 9 months ago
- Opensource Telegram (Osint) Tool☆21Jan 3, 2025Updated last year
- The Mimi Reader Android app☆11Jan 28, 2021Updated 5 years ago
- A Jekyll template that uses Simple.css and no plugins☆12May 7, 2024Updated last year
- Mixnet Messaging App☆11Oct 3, 2025Updated 5 months ago
- Personal notes and lab results pertaining to the text "Practical Malware Analysis" by Michael Sikorski and Andrew Honiq.☆12Oct 28, 2017Updated 8 years ago
- Activate Windows & Office 🔑☆13Jun 15, 2024Updated last year
- OSINT=*, Chrome extension that searches all the threat feeds☆11Dec 5, 2021Updated 4 years ago
- MFT Fast Transcoder is a fast forensic tool to analyze MFT of NTFS partitions.☆12Feb 27, 2023Updated 3 years ago
- ☆15Sep 4, 2024Updated last year
- Solution to the AMOS-MM challenge☆13Sep 13, 2025Updated 5 months ago