A PoC implementation of an enahnced version of StackMoonwalk, which combines its original technique to remove the caller from the call stack, with a memory self-encryption routine, using ROP to both desynchronize unwinding from control flow and simultaneously encrypt the executing shellcode to hide it from inpection.

A Burp Suite extension for real-time sharing of HTTP traffic between team members with user-based highlighting.

This document outlines the results of a pentest and whitebox security review conducted against a number of Tor Project items. Test Targets: Network Metrics, Visualization Stack, Relay & Network Health Tools, Exit Relay Scanning, Bandwidth Measurement, Tor Core Code Changes

Explore zero-click exploits — stealthy, interactionless chains that evade defenses. Case studies reveal patch gaps and the need for stronger validation.

A tool that provides a web interface to easily perform GitHub Device Code phishing on red team engagements.

Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.

Boflink is a tool designed to act as a sort of fill-in for the missing linking stage that comes with the BOF development process. It is a linker that takes unmodified object files generated by a compiler and links them together into a Beacon Object File capable of being loaded by a BOF loader.

Its main goal is to act as a bridge between the BOF development and the BOF loading process to help simplify them.

GhostLocker: AppLocker-Based EDR Neutralization
Introduction
After my article on Fairy-Law, where I used kernel mitigations to disable Endpoint Detection & Response (EDR) solutions, diversenok pointed out that IFEO exclusions (Image File Execution Options) were too invasive for third-party applications. This led to a better approach: leveraging the inherent power administrators already possess through AppLocker.

The concept was inspired by diversenok, who highlighted that administrators can legitimately control any software on their systems. From that insight, I developed a technique using AppLocker as a native Windows control mechanism. This research explores the technical implementation of AppLocker for EDR control, comparing it with WDAC and presenting a practical proof-of-concept tool.

Automated All-in-One OS Command Injection Exploitation Tool.
Usage examples

The document examines the ransomware’s modular architecture, its ability to reboot systems into Safe Mode, terminate critical enterprise services, and perform multi‑threaded file encryption for maximum impact. It also highlights how Agenda targets healthcare and education organizations across Asia and Africa, leveraging spear‑phishing and compromised credentials to gain initial access.

Serverless AITM Simulation Framework for Entra ID and M365

New 0 day vulnerability allowing to leak NTLM hashes from browsers with one click

leakage of the victim’s NTLMv2-SSP hash to an attacker-controlled server. This issue enables credential exposure and potential relay attacks in enterprise environments, requiring only minimal user interaction (Opening the App). Microsoft didn't recognize the vulnerability and no CVE was issued.

BrutDroid - Android Studio Pentest Automator: Streamline mobile pentesting with automated emulator rooting, Frida, and Burp Suite integration.