CICADA8-Research / LogHunterLinks
Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
☆75Updated last year
Alternatives and similar repositories for LogHunter
Users that are interested in LogHunter are comparing it to the libraries listed below
Sorting:
- ☆148Updated 5 months ago
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- ☆57Updated 8 months ago
- Automated .NET AppDomain hijack payload generation☆127Updated 8 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆86Updated 7 months ago
- ☆59Updated 11 months ago
- Dump processes over WMI with MSFT_MTProcess☆75Updated last month
- PowerShell script to generate ShellCode in various formats☆43Updated last year
- Two in one, patch lifetime powershell console, no more etw and amsi!☆96Updated 5 months ago
- Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.☆82Updated last year
- Tamper Active Directory user attributes to collect their hashes with MS-SNTP☆41Updated 9 months ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆58Updated 9 months ago
- Lateral Movement☆124Updated last year
- ☆109Updated 8 months ago
- ☆192Updated 6 months ago
- Python tool to interact with WMI StdRegProv☆61Updated 11 months ago
- ☆83Updated 5 months ago
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Updated 8 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆148Updated last year
- A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)☆60Updated 3 months ago
- Permanently disable EDRs as local admin☆118Updated 2 weeks ago
- Abuse leaked token handles.☆132Updated last year
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆98Updated 2 years ago
- A GUI wrapper inside of Havoc to interact with bloodhound CE☆71Updated last year
- Tool to extract username and password of current user from PanGPA in plaintext☆88Updated 10 months ago
- Scripts I use to deploy Havoc on Linode and setup categorization and SSL☆42Updated last year
- Pre-Auth Exploit for CVE-2024-40711☆53Updated last year
- ☆92Updated 9 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆100Updated 6 months ago
- An impacket-lite cli tool that combines many useful impacket functions using a single session.☆54Updated 2 weeks ago