Operator-grade loaders, payloads, post-exploitation tools, and tradecraft developed in-lab for our own engagements. We're preparing a curated subset for licensed sale to vetted red teams and authorized testing programs.
We're standing up the licensing infrastructure now — buyer verification, EULA, distribution channel, signing keys, and the operational support framework that has to exist before any of this can ship responsibly.
When the catalog opens, expect a small number of polished, narrowly-scoped tools rather than a sprawling shop. Each release will be vendor-signed, versioned, documented to the level we'd expect from any vendor we'd buy from, and bound by a written authorized-use license.
Tooling is one part of the practice — not the headline. The lab's primary work remains operator-led engagements. Tools we publish are ones we've already used in our own operations long enough to trust.
Drop your email. We'll send one message when the catalog opens — and nothing else. No newsletter, no drip campaign.
Position-independent loaders, in-memory execution primitives, syscall-only beacons, and staging frameworks built for modern endpoint defenses.
Discovery, credential, lateral-movement, and persistence modules. Operator-friendly tooling for AD, cloud identity, and hybrid environments.
Curated configurations, evasion profiles, and operator playbooks for the major C2 frameworks. What we use ourselves, packaged for licensed teams.
The detection content we develop while running offensive engagements — Sigma rules, KQL, SPL — packaged for SOCs that want to catch what we use.
Lab notebooks, capture-the-flag environments, and operator coursework derived from our internal training programs. Suitable for in-house red-team apprenticeships.
For larger teams: bespoke tooling built to your specific environment, requirements, and operational constraints. Engagement-style scoping; per-team licensing.
These tools are designed for offensive security work and could cause harm if used against systems without authorization. We sell them on a controlled basis. Every buyer is verified before any release. Every transaction includes a written authorized-use license.
Buyers must be one of:
We reserve the right to decline any sale. Verification typically takes 3–7 business days and involves business validation, jurisdictional review, and reference checks. Re-sale, sub-licensing, or use against unauthorized targets terminates the license and may trigger civil and criminal action under applicable jurisdictions.
Full terms appear in the EULA shipped with each product. If your use case doesn't fit cleanly into the categories above, write to us before you order — we're more interested in serving you well than in selling a license you can't legitimately use.
We may already have what you need on hand. Custom-build inquiries and licensed early-access requests go through the engagement channel.
./inquire_tooling.sh