Dump processes over WMI with MSFT_MTProcess
☆84Feb 13, 2026Updated 3 weeks ago
Alternatives and similar repositories for WMI_Proc_Dump
Users that are interested in WMI_Proc_Dump are comparing it to the libraries listed below
Sorting:
- Python script to leverage MSFT_MTProcess WMI class☆39Sep 17, 2025Updated 5 months ago
- Execute commands, in/exfiltrate files using your custom RPC Server☆65Jan 13, 2026Updated last month
- ☆17Jan 9, 2025Updated last year
- A bunch of shenanigans using functions, VEH and more☆37Jun 8, 2025Updated 8 months ago
- Awesome MalDev Links☆39Feb 27, 2026Updated last week
- ☆50Jun 4, 2025Updated 9 months ago
- ☆138Nov 17, 2025Updated 3 months ago
- ☆126Sep 1, 2024Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 10 months ago
- Random BOFs for LDAP tradecraft☆74Sep 9, 2025Updated 5 months ago
- Dump Kerberos tickets☆45Aug 4, 2025Updated 7 months ago
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.☆259Feb 27, 2026Updated last week
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- Python based GUI for browsing LDAP☆180Dec 7, 2025Updated 3 months ago
- Tool to enumerate privileged Scheduled Tasks on Remote Systems☆286Jan 12, 2026Updated last month
- Red Team Assessment Platform - reporting, visualizations, and analytics for cybersecurity red teams☆34Jan 27, 2026Updated last month
- ForsHops☆152Mar 25, 2025Updated 11 months ago
- ☆100Sep 1, 2024Updated last year
- Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from si…☆37Feb 6, 2026Updated last month
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Weaponizing DCOM for NTLM Authentication Coercions☆275Jul 1, 2025Updated 8 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago
- Threadless shellcode injection tool☆68Aug 5, 2024Updated last year
- ☆16Dec 7, 2025Updated 3 months ago
- PowerShell implementation for AD CS☆79Feb 19, 2026Updated 2 weeks ago
- This is a proof-of-work for abusing "fsmonitor" against IDE.☆42Nov 22, 2025Updated 3 months ago
- A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.☆92Jan 8, 2025Updated last year
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆275Dec 27, 2024Updated last year
- Proof of concept for Kerberos Armoring abuse.☆81Dec 12, 2025Updated 2 months ago
- An example reference design for a proposed BOF PE☆200Jan 23, 2026Updated last month
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago
- Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and co…☆656Jan 16, 2026Updated last month
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated 11 months ago
- SACL Scanner is a tool designed to scan and analyze SACLs.☆51Feb 13, 2025Updated last year
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆97Mar 20, 2023Updated 2 years ago
- TypeLib persistence technique☆140Oct 22, 2024Updated last year
- A malicious OAuth application that can be leveraged for both internal and external phishing attacks targeting Microsoft Azure and Office3…☆168Jul 31, 2025Updated 7 months ago
- Internal Monologue BOF☆79Dec 28, 2024Updated last year