1. Ps Tools: Ps-Tools, an advanced process monitoring toolkit for offensive operations
3. Recon Ad: Recon-AD, an AD recon tool based on ADSI and reflective DLLs
4. Zipper: Zipper, a CobaltStrike file and folder compression utility.
5. Wdtoggle: A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
6. Redelk: Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
8. Net Gpppassword: .NET implementation of Get-GPPPassword. Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.
9. Findobjects Bof: A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
11. Evilclippy: A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
12. Dumpert: LSASS memory dumper using direct system calls and API unhooking.
13. Invoke Adlabdeployer: Automated deployment of Windows and Active Directory test lab networks. Useful for red and blue teams.
14. Excel4 Dcom: PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
15. Spray Ad: A Cobalt Strike tool to audit Active Directory user accounts for weak, well-known or easily guessable passwords.
17. HelpColor: Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type
18. Invoke-Templator: A PowerShell script to parse the docx/docm file format and update the template location.
20. TamperETW: PoC to demonstrate how CLR ETW events can be tampered with.
21. InlineWhispers: Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)