diff --git a/Offensive.md b/Offensive.md
index 3e997f7..05c10b4 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -71,6 +71,10 @@ Some tools can be categorized in more than one category. But because the current
dsnezhkov/TruffleSnout |
Iterative AD discovery toolkit for offensive operations |
+
+ EspressoCake/Process_Protection_Level_BOF |
+ A Syscall-only BOF file intended to grab process protection attributes, limited to a handful that Red Team operators and pentesters would commonly be interested in. |
+
fashionproof/CheckSafeBoot |
I used this to see if an EDR is running in Safe Mode |