Open-source offensive tools I created or had the occasion to contribute to.


FarsightAD is a PowerShell script that implements multiple cmdlets to help detect and investigate Active Directory persistence, following a forest or domain compromise. It rely on a mix of reviewing the current domain state and getting historical information / timestamps (notably from replication meta data) whenever possible.​

Areas of persistence covered: fully or partially hidden objects (detected using replication data queried through DRS), SIDHistory & primaryGroupID persistence, ACL / GPO / AD CS / Kerberos based persistence, …



EDRSandBlast is a tool written in C that weaponize a vulnerable signed driver to bypass EDR detections (Kernel callbacks and ETW TI provider) and LSASS protections.
Multiple userland unhooking techniques are also implemented to evade userland monitoring.

Developed with Maxime Meignan



Static standalone binaries for Linux and Windows (x64) of Python offensive tools.
Compiled using Docker for Windows, WSL2, and Make.


DFIR scripts

Various PowerShell or Python scripts to assist and automate tasks during digital forensics investigations.

GitHub Gists

Other contributions

Occasional contributions to open-source security projects, such as Metasploit, Priv2Admin, KapeFiles, PingCastle, Velociraptor’s Artifact Exchange, Microsoft-Extractor-Suite, etc.