diff --git a/Offensive.md b/Offensive.md
index 976481e..0a2497e 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -1064,6 +1064,10 @@ Some tools can be categorized in more than one category. But because the current
| EspressoCake/Toggle_Token_Privileges_BOF |
Syscall BOF to arbitrarily add/detract process token privilege rights. |
+
+ | GhostPack/Certify |
+ Active Directory certificate abuse. |
+
| GhostPack/ForgeCert |
ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. |
@@ -1334,6 +1338,10 @@ Some tools can be categorized in more than one category. But because the current
Flangvik/RosFuscator |
YouTube/Livestream project for obfuscating C# source code using Roslyn |
+
+ | GetRektBoy724/SharpUnhooker |
+ C# Based Universal API Unhooker |
+
| GetRektBoy724/TripleS |
Syscall Stub Stealer - Freshly steal Syscall stub straight from the disk |
@@ -2009,10 +2017,6 @@ Some tools can be categorized in more than one category. But because the current
FuzzySecurity/StandIn |
StandIn is a small .NET35/45 AD post-exploitation toolkit |
-
- | GhostPack/Certify |
- Active Directory certificate abuse. |
-
| improsec/ImproHound |
Identify the attack paths in BloodHound breaking your AD tiering |