Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!
☆75Feb 4, 2026Updated 3 weeks ago
Alternatives and similar repositories for CustomDpapi
Users that are interested in CustomDpapi are comparing it to the libraries listed below
Sorting:
- Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Crystal, Python and Rust☆56Jan 27, 2026Updated last month
- A Windows tool that converts LDIF files to BloodHound CE☆26Dec 20, 2025Updated 2 months ago
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 3 years ago
- ☆10Oct 29, 2019Updated 6 years ago
- Semantic analysis engine for detecting vulnerability fixes in Windows kernel driver patches — 58 YAML rules, Ghidra decompilation, reacha…☆49Updated this week
- Asynchronous RDP/VNC client for Python (GUI)☆75Jan 1, 2025Updated last year
- A lightweight Windows Prefetch file parser to extract programs' execution history☆66Jan 12, 2026Updated last month
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- Timestomping module: overwrite file create/modify times in .NET (no pinvoke)☆27Dec 13, 2021Updated 4 years ago
- A C# utility for interacting with SCOM☆96Dec 2, 2025Updated 3 months ago
- ☆18Feb 1, 2026Updated last month
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective☆166Jan 12, 2026Updated last month
- Repository of Microsoft Driver Block Lists based off of OS-builds☆43Apr 14, 2024Updated last year
- PowerShell SharePoint extraction + auditing tool for red/blue/purple teams. Enumerates all SharePoint sites/drives a user can access via …☆113Jan 25, 2026Updated last month
- WSUS Unauthenticated RCE☆169Oct 28, 2025Updated 4 months ago
- ELF Beacon Object File (BOF) Template☆19Nov 18, 2024Updated last year
- Library of BOFs to interact with SQL servers☆16Dec 6, 2024Updated last year
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to…☆41Nov 4, 2025Updated 3 months ago
- A simple tool for enumerating dynamic endpoints on a DCE/RPC remote or local endpoint mapper.☆15Oct 9, 2020Updated 5 years ago
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- Python script to leverage MSFT_MTProcess WMI class☆39Sep 17, 2025Updated 5 months ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- A C# tool for extracting information from SCCM PXE boot media.☆51Jan 14, 2026Updated last month
- Injector with kernel power☆18Jan 2, 2021Updated 5 years ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆60Jan 5, 2026Updated last month
- Convert .reg to registry hive and reciprocally, without elevation☆83Feb 18, 2026Updated last week
- Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from si…☆37Feb 6, 2026Updated 3 weeks ago
- ☆73Feb 12, 2026Updated 2 weeks ago
- rust port of pspy with support for process monitoring over dbus☆36Jan 4, 2026Updated last month
- Bloodhound python Ingestor using ADWS☆31Feb 4, 2026Updated 3 weeks ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆48Nov 2, 2025Updated 4 months ago
- a BOF implementation of various registry persistence methods☆94Nov 11, 2025Updated 3 months ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Cisco Unfied Call Manager enumeration☆25Jul 13, 2022Updated 3 years ago
- ☆26Aug 5, 2025Updated 6 months ago
- IOXIDResolver from AirBus Security/PingCastle☆51Nov 25, 2020Updated 5 years ago
- A python port of @dafthack's MFAsweep with some added OPSEC functionality. MFAde can be used to find single-factor authentication failure…☆51Jul 18, 2025Updated 7 months ago
- A tool for coercing and relaying Kerberos authentication over DCOM and RPC.☆147Jul 17, 2025Updated 7 months ago