CICADA8-Research / LogHunterLinks
Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)
☆72Updated last year
Alternatives and similar repositories for LogHunter
Users that are interested in LogHunter are comparing it to the libraries listed below
Sorting:
- ☆140Updated 2 months ago
- A tool for coercing and relaying Kerberos authentication over DCOM and RPC.☆115Updated 2 weeks ago
- ☆57Updated 5 months ago
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- TokenCert☆98Updated 8 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆78Updated 5 months ago
- PowerShell script to generate ShellCode in various formats☆42Updated 10 months ago
- Tamper Active Directory user attributes to collect their hashes with MS-SNTP☆39Updated 6 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆95Updated 3 months ago
- Construct the payload at runtime using an array of offsets☆63Updated last year
- Scripts I use to deploy Havoc on Linode and setup categorization and SSL☆40Updated last year
- .NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS☆148Updated 5 months ago
- Automated .NET AppDomain hijack payload generation☆127Updated 6 months ago
- Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.☆82Updated 10 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆97Updated last year
- this script adds the ability to encode shellcode (.bin) in XOR,chacha20, AES. You can choose between 2 loaders (Myph / 221b)☆83Updated last year
- C++ Staged Shellcode Loader with Evasion capabilities.☆95Updated 9 months ago
- A GUI wrapper inside of Havoc to interact with bloodhound CE☆71Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆122Updated 10 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆147Updated last year
- ☆57Updated 8 months ago
- ☆107Updated 5 months ago
- Lateral Movement☆124Updated last year
- ☆41Updated last month
- Tool to bypass LSA Protection (aka Protected Process Light)☆55Updated 7 months ago
- Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel☆47Updated 3 months ago
- Python tool to interact with WMI StdRegProv☆60Updated 8 months ago
- Tool to obtain hash using MS-SNTP for user accounts☆25Updated 6 months ago
- ☆188Updated 4 months ago
- Inject RDPThief into memory with PowerShell.☆65Updated 6 months ago