Forbidden collection of Red Team sorcery
★340 · Feb 20, 2026 · Updated 2 weeks ago
Alternatives and similar repositories for RedTeamGrimoire
Users that are interested in RedTeamGrimoire are comparing it to the libraries listed below
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. · ★38 · Aug 5, 2025 · Updated 7 months ago
- SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts. · ★164 · Jan 23, 2026 · Updated last month
- Panoptes Endpoint Detection and Response Solution · ★42 · Jan 19, 2026 · Updated last month
- Random BOFs for LDAP tradecraft · ★74 · Sep 9, 2025 · Updated 5 months ago
- Local SYSTEM auth trigger for relaying - X · ★155 · Jul 23, 2025 · Updated 7 months ago
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!) · ★701 · May 7, 2025 · Updated 9 months ago
- Locate dlls and function addresses without PEB Walk and EAT parsing · ★105 · Nov 7, 2025 · Updated 3 months ago
- Weaponizing DCOM for NTLM Authentication Coercions · ★275 · Jul 1, 2025 · Updated 8 months ago
- ★234 · Oct 8, 2024 · Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking. · ★85 · Aug 13, 2024 · Updated last year
- Build sneaky & malicious LNK files. · ★160 · Jul 16, 2025 · Updated 7 months ago
- RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging · ★204 · Mar 6, 2025 · Updated last year
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte… · ★1,314 · Nov 12, 2025 · Updated 3 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. · ★283 · Apr 6, 2025 · Updated 11 months ago
- ★48 · Dec 5, 2025 · Updated 3 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … · ★103 · Mar 27, 2025 · Updated 11 months ago
- Impersonate Windows tokens in Nim · ★23 · Aug 4, 2025 · Updated 7 months ago
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers · ★18 · Mar 19, 2025 · Updated 11 months ago
- Bypassing Amsi using LdrLoadDll · ★47 · Jan 8, 2025 · Updated last year
- AppLocker-Based EDR Neutralization · ★323 · Dec 19, 2025 · Updated 2 months ago
- Evasive Payload Delivery Server & C2 Redirector · ★112 · Nov 3, 2025 · Updated 4 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts. · ★262 · Feb 21, 2025 · Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! · ★539 · May 9, 2025 · Updated 9 months ago
- ★82 · Apr 28, 2025 · Updated 10 months ago
- A PoC for Early Cascade process injection technique. · ★211 · Jan 30, 2025 · Updated last year
- ProxyWatch · ★37 · Feb 28, 2026 · Updated last week
- Analyse your malware to surgically obfuscate it · ★520 · Dec 17, 2025 · Updated 2 months ago
- Easy to use, open-source infrastructure management platform, crafted specifically for red team engagements. · ★109 · Feb 16, 2026 · Updated 2 weeks ago
- A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the … · ★1,823 · Nov 3, 2024 · Updated last year
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. · ★443 · Jul 8, 2024 · Updated last year
- Bunch of BOF files · ★39 · Jun 30, 2025 · Updated 8 months ago
- A Python POC for CRED1 over SOCKS5 · ★165 · Oct 5, 2024 · Updated last year
- Aggressor script to automatically download and load an arsenal of open source and private Cobalt Strike tooling. · ★45 · Aug 16, 2024 · Updated last year
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS · ★150 · Feb 10, 2025 · Updated last year
- ★139 · Jan 16, 2025 · Updated last year
- Windows remote execution multitool · ★783 · Oct 1, 2025 · Updated 5 months ago
- Situational Awareness script to identify how and where to run implants · ★68 · Dec 6, 2024 · Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… · ★592 · Jun 12, 2024 · Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) · ★195 · Feb 6, 2025 · Updated last year