3lp4tr0n/SessionHop external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

3lp4tr0n/SessionHop

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/3lp4tr0n/SessionHop)

Close

3lp4tr0n / SessionHopView on GitHubMore

• External links
• Readme badge

Windows Session Hijacking via COM

☆340Dec 13, 2025Updated 3 months ago

Alternatives and similar repositories for SessionHop

Users that are interested in SessionHop are comparing it to the libraries listed below

• outflanknl / seccomp-notify-injection

  View on GitHub
  Linux Process Injection via Seccomp Notifier
  ☆84Dec 9, 2025Updated 3 months ago
• monsieurPale / BreakFAST

  View on GitHub
  Proof of concept for Kerberos Armoring abuse.
  ☆82Dec 12, 2025Updated 3 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆384Dec 13, 2024Updated last year
• JoasASantos / ImgPayload

  View on GitHub
  Advanced shellcode injector for images supports BMP, GIF, EXIF (JPEG), and LSB (PNG) techniques. Includes XOR encoding, offset indexing, …
  ☆26Jun 11, 2025Updated 9 months ago
• bytewreck / DumpGuard

  View on GitHub
  Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
  ☆638Oct 27, 2025Updated 4 months ago
• breakfix / SharpSCOM

  View on GitHub
  A C# utility for interacting with SCOM
  ☆96Dec 2, 2025Updated 3 months ago
• grayhatkiller / wambam-bof

  View on GitHub
  ☆48Dec 5, 2025Updated 3 months ago
• logangoins / BadTakeover-BOF

  View on GitHub
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆86Oct 20, 2025Updated 5 months ago
• decoder-it / KrbRelayEx-RPC

  View on GitHub
  ☆198Mar 28, 2025Updated 11 months ago
• synacktiv / gpoParser

  View on GitHub
  gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory env…
  ☆345Updated this week
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆192Dec 1, 2024Updated last year
• ricardojoserf / SAMDump

  View on GitHub
  Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#…
  ☆342Feb 2, 2026Updated last month
• 0xTriboulet / rssh-rs

  View on GitHub
  ☆55May 31, 2025Updated 9 months ago
• NtDallas / MemLoader

  View on GitHub
  Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
  ☆271Jun 18, 2025Updated 9 months ago
• yo-yo-yo-jbo / commandline_spoofing

  View on GitHub
  Commandline spoofing on Windows
  ☆94Nov 25, 2025Updated 3 months ago
• Mr-Un1k0d3r / DotnetNoVirtualProtectShellcodeLoader

  View on GitHub
  load shellcode without P/D Invoke and VirtualProtect call.
  ☆169Sep 2, 2025Updated 6 months ago
• decoder-it / ChgPass

  View on GitHub
  ☆136Feb 11, 2025Updated last year
• synacktiv / DLHell

  View on GitHub
  Local & remote Windows DLL Proxying
  ☆169Jun 17, 2024Updated last year
• synacktiv / GroupPolicyBackdoor

  View on GitHub
  Group Policy Objects manipulation and exploitation framework
  ☆298Dec 7, 2025Updated 3 months ago
• ofasgard / execute-assembly-pico

  View on GitHub
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆129Jan 28, 2026Updated last month
• garrettfoster13 / CVE-2025-59501

  View on GitHub
  CVE-2025-59501 POC code
  ☆25Nov 20, 2025Updated 4 months ago
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆80Sep 20, 2023Updated 2 years ago
• dazzyddos / ClickOnceBlobber

  View on GitHub
  Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading …
  ☆147Feb 14, 2026Updated last month
• CCob / DRSAT

  View on GitHub
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆276Dec 27, 2024Updated last year
• decoder-it / printerbugnew

  View on GitHub
  The DCERPC only printerbug.py version
  ☆210Oct 30, 2025Updated 4 months ago
• NtDallas / BOF_RunPe

  View on GitHub
  BOF to run PE in Cobalt Strike Beacon without console creation
  ☆188Nov 23, 2025Updated 3 months ago
• trustedsec / DitExplorer

  View on GitHub
  Tool for viewing NTDS.dit
  ☆197Mar 14, 2025Updated last year
• BlackSnufkin / LitterBox

  View on GitHub
  A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…
  ☆1,330Nov 12, 2025Updated 4 months ago
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆216Oct 19, 2024Updated last year
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆283Apr 6, 2025Updated 11 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• decoder-it / KrbRelayEx

  View on GitHub
  ☆381Oct 17, 2025Updated 5 months ago
• outflanknl / regcertipy

  View on GitHub
  Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does
  ☆95Jul 3, 2025Updated 8 months ago
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• Mayyhem / Maestro

  View on GitHub
  Abusing Azure services over C2
  ☆367Jan 20, 2026Updated 2 months ago
• coffeegist / bofhound

  View on GitHub
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆371Jan 29, 2026Updated last month
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 11 months ago
• quarkslab / proxyblob

  View on GitHub
  SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
  ☆314Feb 16, 2026Updated last month