0xthirteen / reg_snake
Python tool to interact with WMI StdRegProv
☆43Updated this week
Related projects ⓘ
Alternatives and complementary repositories for reg_snake
- Modified versions of the Cobalt Strike Process Injection Kit☆88Updated 10 months ago
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆72Updated last year
- ☆87Updated 2 months ago
- Click Once + App Domain☆62Updated 11 months ago
- Beacon Object Files (not Buffer Overflows)☆51Updated last year
- Sniffing files generator☆40Updated last week
- Enumerate information from NTLM authentication enabled web endpoints 🔎☆35Updated last year
- ☆61Updated 2 years ago
- C# version of NTLMRawUnHide☆72Updated 2 years ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆72Updated 9 months ago
- ☆47Updated last year
- ☆59Updated 4 months ago
- ☆28Updated 5 months ago
- ☆79Updated 6 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆45Updated 8 months ago
- ☆73Updated last year
- Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute☆19Updated 5 months ago
- Lateral Movement via the .NET Profiler☆76Updated this week
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated 10 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆78Updated last year
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆13Updated 2 years ago
- Tool for playing with Windows Access Token manipulation.☆52Updated last year
- ☆96Updated last year
- lsassdump via RtlCreateProcessReflection and NanoDump☆73Updated last month
- Threadless shellcode injection tool☆61Updated 3 months ago
- time-based user enum via Basic Auth in Azure against Autodiscover☆29Updated last month
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆38Updated last year
- ☆92Updated 9 months ago
- ☆119Updated last year