Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques
☆96Dec 28, 2025Updated 2 months ago
Alternatives and similar repositories for NEBULA
Users that are interested in NEBULA are comparing it to the libraries listed below
Sorting:
- A Windows tool that converts LDIF files to BloodHound CE☆27Dec 20, 2025Updated 2 months ago
- A stager and implant that executes remote Web Assembly☆37Feb 4, 2026Updated last month
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Jan 10, 2026Updated last month
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆63Jan 5, 2026Updated 2 months ago
- Ludus range for the Constructing Defense Lab☆106Feb 23, 2026Updated 2 weeks ago
- A PowerShell variant of the amazing patch_review.py by kevthehermit☆193Oct 23, 2025Updated 4 months ago
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- Modified version of PEAS client for offensive operations☆50Nov 1, 2025Updated 4 months ago
- Golang Automation Framework for Cobalt Strike using the Rest API☆56Dec 4, 2025Updated 3 months ago
- Agent for AdaptixC2 with focus in evasion, capability and malleable.☆165Mar 1, 2026Updated last week
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆86Oct 20, 2025Updated 4 months ago
- ☆28Feb 11, 2026Updated 3 weeks ago
- Baseline a Windows System against LOLBAS☆72Feb 2, 2026Updated last month
- Visualize Microsoft Defender XDR process trees and security events☆33Aug 24, 2025Updated 6 months ago
- Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from si…☆37Feb 6, 2026Updated last month
- Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass☆117Jan 29, 2026Updated last month
- sideloading PoC using onedrive.exe & version.dll☆92Oct 30, 2025Updated 4 months ago
- A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN☆105Jan 26, 2026Updated last month
- Stage 0☆169Dec 18, 2024Updated last year
- Two WinForms GUI tools for enumerating, searching, and exfiltrating data from M365 environments using application-level OAuth tokens☆87Updated this week
- C++ tool and library for converting .bin files to shellcode in multiple output formats.☆34Aug 18, 2025Updated 6 months ago
- open source port/reimplementation of the Cobalt Strike BOF Loader as is☆68Feb 3, 2026Updated last month
- A beginner-friendly collection of Rust notes focused on Red Team Tooling • Malware Development • Systems Programming • Rust Fundamentals☆58Nov 24, 2025Updated 3 months ago
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 4 months ago
- A BOF that's a BOF Loader and more☆199Jan 17, 2026Updated last month
- Folder Or File Delete to Get System Shell on Current Session Desktop☆47Jan 14, 2025Updated last year
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions☆63Nov 15, 2025Updated 3 months ago
- Universal exploitation tool for CVE-2025-33073 targeting Windows Domain Controllers with DNSAdmins privileges and WinRM enabled.☆65Nov 14, 2025Updated 3 months ago
- poc for cve-2025-53772☆46Dec 10, 2025Updated 2 months ago
- AppLocker-Based EDR Neutralization☆323Dec 19, 2025Updated 2 months ago
- ☆22Nov 22, 2025Updated 3 months ago
- Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but fo…☆167Oct 21, 2025Updated 4 months ago
- ☆36Feb 12, 2026Updated 3 weeks ago
- ☆20Sep 6, 2025Updated 6 months ago
- A basic python based tool for domain ℹ️ information gathering. I am working 💻 on collecting information related to domain whois, history…☆12Jan 11, 2026Updated last month
- Go实现用于Windows系统的进程隐藏工具,通过DLL注入技术将指定进程从任务管理器中隐藏☆26Jan 22, 2026Updated last month
- WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.☆13Oct 24, 2022Updated 3 years ago
- List web account manager (WAM) accounts added to the current profile☆22Dec 11, 2025Updated 2 months ago
- Fairy Law - Compromise or disable EDR security solutions☆68Dec 1, 2025Updated 3 months ago