CICADA8-Research / LogHunterLinks
Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
☆72Updated last year
Alternatives and similar repositories for LogHunter
Users that are interested in LogHunter are comparing it to the libraries listed below
Sorting:
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- ☆147Updated 4 months ago
- ☆59Updated 10 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆79Updated 7 months ago
- Automated .NET AppDomain hijack payload generation☆127Updated 8 months ago
- A GUI wrapper inside of Havoc to interact with bloodhound CE☆71Updated last year
- ☆110Updated 7 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆98Updated 2 years ago
- ☆57Updated 7 months ago
- An impacket-lite cli tool that combines many useful impacket functions using a single session.☆53Updated this week
- Abuse leaked token handles.☆132Updated last year
- This is a GRE PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion☆77Updated last month
- Scripts I use to deploy Havoc on Linode and setup categorization and SSL☆42Updated last year
- Permanently disable EDRs as local admin☆105Updated 3 months ago
- PowerShell script to generate ShellCode in various formats☆43Updated last year
- .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS☆149Updated 7 months ago
- ☆81Updated 4 months ago
- Duplicate not owned Token from Running Process☆72Updated 2 years ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆89Updated last year
- Situational Awareness script to identify how and where to run implants☆65Updated 9 months ago
- Tamper Active Directory user attributes to collect their hashes with MS-SNTP☆41Updated 8 months ago
- ☆44Updated 3 months ago
- ☆91Updated 8 months ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆58Updated 9 months ago
- Dump processes over WMI with MSFT_MTProcess☆56Updated 2 weeks ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆98Updated 5 months ago
- Tool to obtain hash using MS-SNTP for user accounts☆27Updated 8 months ago
- Pre-Auth Exploit for CVE-2024-40711☆54Updated last year
- Python tool to interact with WMI StdRegProv☆60Updated 10 months ago
- ☆192Updated 6 months ago