RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
☆204 · Mar 6, 2025 · Updated 11 months ago
Alternatives and similar repositories for RunAs-Stealer
Users that are interested in RunAs-Stealer are comparing it to the libraries listed below
- Smart keylogging capability to steal SSH Credentials including password & Private Key ☆152 · Mar 26, 2025 · Updated 11 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆266 · Apr 8, 2025 · Updated 10 months ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and … ☆334 · Mar 6, 2025 · Updated 11 months ago
- BOF with Synthetic Stackframe ☆230 · Oct 30, 2025 · Updated 4 months ago
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures. ☆246 · Nov 2, 2025 · Updated 4 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆195 · Nov 27, 2024 · Updated last year
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆75 · May 1, 2024 · Updated last year
- A Mythic agent for Windows written in C ☆158 · Feb 22, 2026 · Updated last week
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS ☆150 · Feb 10, 2025 · Updated last year
- ForsHops ☆152 · Mar 25, 2025 · Updated 11 months ago
- Abusing Azure services over C2 ☆367 · Jan 20, 2026 · Updated last month
- Stage 0 ☆169 · Dec 18, 2024 · Updated last year
- Cobalt Strike BOF for evasive .NET assembly execution ☆308 · Mar 31, 2025 · Updated 11 months ago
- Reaping treasures from strings in remote processes memory ☆285 · Feb 8, 2025 · Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! ☆539 · May 9, 2025 · Updated 9 months ago
- Sleep obfuscation ☆268 · Dec 13, 2024 · Updated last year
- One-header configurable C++20 COFF loader ☆21 · Jul 21, 2025 · Updated 7 months ago
- Stealthily inject shellcode into an executable ☆452 · Oct 19, 2025 · Updated 4 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… ☆215 · Oct 19, 2024 · Updated last year
- Retrieve LAPS passwords from a domain. The tool is inspired by pyLAPS. ☆87 · Mar 6, 2025 · Updated 11 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts. ☆262 · Feb 21, 2025 · Updated last year
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry ☆458 · Aug 2, 2024 · Updated last year
- Adversary Emulation Framework ☆130 · Jul 1, 2025 · Updated 8 months ago
- kernel callback removal (Bypassing EDR Detections) ☆211 · Nov 14, 2025 · Updated 3 months ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes ☆209 · Dec 25, 2024 · Updated last year
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆264 · Aug 31, 2025 · Updated 6 months ago
- A PowerShell console in C/C++ with all the security features disabled ☆364 · Oct 14, 2025 · Updated 4 months ago
- A PoC for Early Cascade process injection technique. ☆211 · Jan 30, 2025 · Updated last year
- Weaponizing DCOM for NTLM Authentication Coercions ☆275 · Jul 1, 2025 · Updated 8 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC. ☆166 · Jul 30, 2025 · Updated 7 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp… ☆341 · Oct 7, 2024 · Updated last year
- POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY ☆227 · Apr 12, 2025 · Updated 10 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆382 · Dec 13, 2024 · Updated last year
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints ☆123 · Jul 11, 2025 · Updated 7 months ago
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and … ☆191 · Apr 26, 2025 · Updated 10 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆195 · Feb 6, 2025 · Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!) ☆701 · May 7, 2025 · Updated 9 months ago
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH. ☆164 · Oct 31, 2024 · Updated last year
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA… ☆354 · Apr 26, 2025 · Updated 10 months ago