A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities. Presented at Black Hat…
The versatile capabilities of 3proxy, a robust and lightweight proxy server designed for a variety of network tasks. From basic…
JYso is a tool that can be used as both ysoserial and JNDIExploit. It also has bypass functions of multiple JNDI…
Finsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also…
We delve into CVE-2024-38077, a critical security vulnerability identified in Windows Server 2025. This flaw, if exploited, could allow unauthorized…
TrickDump dumps the lsass process without creating a Minidump file, generating instead 3 JSON and 1 ZIP file with the…
DriverJack is a tool designed to load a vulnerable driver by abusing lesser-known NTFS techniques. These method bypass the registration of…
SCCM distribution points (DPs) are the servers used by Microsoft SCCM to host all the files used in software installs,…
Metasploit is a powerful and widely used framework for penetration testing and exploitation. It provides security professionals with tools to…
This is a cheatsheet of tools and commands that I use to pentest Active Directory. It includes Windows, Impacket and…