X-Technobro (@vendetce) 's Twitter Profile
X-Technobro

@vendetce

ID: 870136214560555009

01-06-2017 04:33:34

4,4K Tweet

491 Followers

687 Following

Merill Fernando (@merill)

Stop clicking through 15 menus just to find one Azure blade 🛑55,000+ Microsoft pros use cmd.ms to skip the portal fatigue. I just launched a massive V2 rewrite: ⚡️ 100% keyboard-driven 🎯 Jump to any blade instantly 🔍 New Purview + Security commands

Panos Gkatziroulis 🦄 (@netbiosx)

mssqlbof - A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself github.com/MazX0p/mssqlbof

db (@whokilleddb)

Smol project which might be useful: Python3 port of Mr.Un1k0d3r's PowerShell Less project github.com/whokilleddb/Po… (I am sure a python3 port already exists but I couldn't find one)

SpecterOps (@specterops)

Anthropic’s Mythos points to a future of machine-speed attacks. What changes for defenders? 🤔 Join Justin Kohler & Jared Atkinson and learn how AI is accelerating compromise, why identity attack paths matter, and what you can do now. Register → ghst.ly/47PJs6E

incursion (@incursi0n)

Releasing GodPotatoBOF: Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. OPSEC safe alternative to the .NET version. Based on the original GodPotato PoC by BeichenDream. github.com/incursi0n/GodP…

DirectoryRanger (@directoryranger)

WebRelayX. NTLM relay tool focused on Web (http/s) targets. It builds on impacket's ntlmrelayx and adds cookie harvesting and auth scan github.com/SecCoreGmbH/We…

Co11ateral (@co11ateral)

KslKatzBOF Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory. No OpenProcess, no auditable API calls github.com/Muz1K1zuM/kslk… #apt #redteam

Octoberfest7 (@octoberfest73)

Had some fun making this credential dumper BOF implementing the Silent Harvest mechanism from Haidar. Thanks to him as well as Furkan Göksel for his SilentNimvest implementation of the research! github.com/Octoberfest7/S…

incursion (@incursi0n)

Made a quick BOF to exploit the currently unpatched BlueHammer vulnerability to dump SAM hashes from a low integrity context. github.com/incursi0n/Blue…

SpecterOps (@specterops)

NTLMv1 is still out there. And now it’s easier than ever to break. Skyler Knecht walks through how Google’s rainbow tables make NT hash recovery practical, no third-party service required. Check it out! ⤵️ ghst.ly/4vqx9Id

Cyber Security News (@the_cyber_news)

🚨 Microsoft Defender 0-Day Vulnerability “RedSun” Enables Full SYSTEM Access Source: cybersecuritynews.com/defender-0-day… A newly disclosed zero-day vulnerability in Microsoft Defender, dubbed "RedSun," allows an unprivileged user to escalate privileges to full SYSTEM-level access on

🥝🏳️‍🌈 Benjamin Delpy (@gentilkiwi)

Just pushed a minor update to #mimikatz 2 🥝(no - it's *NOT* the version 3) to support specific GMSA DPAPI passwords in LSA secrets to be able to decrypt Masterkeys > github.com/gentilkiwi/mim… Only for topotam convenience ;)

Justin Elze (@hackinglz)

If you’re into Impacket you might want to checkout Titanis. Perhaps it’s more opsec safe 🤷‍♂️ github.com/trustedsec/Tit…

DirectoryRanger (@directoryranger)

swarmer. tool for sneakily adding registry keys to HKCU without EDR/AV being able to see what's happening even if you don't have administrator access github.com/praetorian-inc…

Co11ateral (@co11ateral)

SilentHarvest BOF This is a BOF implementation of SilentNimvest project, which is in turn based on the SilentHarvest research. It's another registry-only credential dumper, replicating hashdump capabilities as well as retrieving secrets stored in the HKLM\SECURITY\Policy\Secrets

Hacking Articles (@hackinarticles)

🔴 Active Directory Attack Architecture – Visualized Like Never Before If you’re into Red Teaming / AD Exploitation, this is 🔥 This interactive map breaks down how attackers move from initial access ➝ domain dominance using real-world techniques. 💡 Why it matters: Modern

Bad Sector Labs (@badsectorlabs)

Gone are the days of risking a Rubeus monitor run (even via the amazing BOF[.]NET by CCob🏴󠁧󠁢󠁷󠁬󠁳󠁿 ) in your conquest beacon. Jakob is crushing it! github.com/jakobfriedl/tg…

🕳 (@sekurlsa_pw)

Tried secretsdump in GoPacket (impacket in Go). It dumps the SAM and LSA secrets, but not the NTDS.DIT AD hashes. Impacket-secretsdump does succeed on dumping those hashes with the GOAD test DC. Btw, to only build the binaries use: $ ./install.sh --build-only

Co11ateral (@co11ateral)

Kerberos TGT Monitor BOF Async Beacon Object File (BOF) that monitors for Kerberos logon events and wakes up the agent whenever a new Kerberos TGT is captured. Similar to Rubeus' monitor command, this BOF is running indefinitely and periodically checks the LSA ticket cache on
