EvanMcBroom / lsa-whisperer
Tools for interacting with authentication packages using their individual message protocols
☆297Updated 3 weeks ago
Related projects ⓘ
Alternatives and complementary repositories for lsa-whisperer
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆247Updated 6 months ago
- ☆180Updated last month
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆396Updated 2 weeks ago
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆222Updated 3 months ago
- AV/EDR Lab environment setup references to help in Malware development☆186Updated 3 weeks ago
- Abusing Intune for Lateral Movement over C2☆284Updated 2 weeks ago
- Open Source C&C Specification☆221Updated last month
- Python implementation of GhostPack's Seatbelt situational awareness tool☆196Updated last week
- ☆267Updated last year
- ☆294Updated 3 weeks ago
- Kill AV/EDR leveraging BYOVD attack☆309Updated last year
- .net config loader☆308Updated last year
- Some scripts to abuse kerberos using Powershell☆313Updated last year
- Ask a TGS on behalf of another user without password☆465Updated 3 months ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆265Updated last week
- Dump lsass using only NTAPIs running 3 programs to create 3 JSON and 1 ZIP file... and generate the MiniDump later!☆351Updated last month
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime☆178Updated 4 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆171Updated last year
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆219Updated 2 weeks ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆190Updated 5 months ago
- ☆181Updated 9 months ago
- Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST☆168Updated 2 months ago
- ☆217Updated last year
- ☆295Updated last year
- ☆279Updated 3 weeks ago
- ☆377Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆270Updated this week
- Extracting NetNTLM without touching lsass.exe☆224Updated 11 months ago
- Lateral Movement Using DCOM and DLL Hijacking☆281Updated last year
- Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines☆149Updated 2 months ago