GhostPack / Koh
The Token Stealer
☆490Updated 2 years ago
Alternatives and similar repositories for Koh:
Users that are interested in Koh are comparing it to the libraries listed below
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆741Updated last year
- .NET project for installing Persistence☆462Updated 8 months ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆899Updated 8 months ago
- Stop Defender Service using C# via Token Impersonation☆170Updated 3 years ago
- A Payload Loader Designed With Advanced Evasion Features☆511Updated 2 years ago
- A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…☆828Updated last year
- OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at s…☆516Updated 2 years ago
- NTLM relaying for Windows made easy☆556Updated last year
- ☆404Updated last year
- Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa…☆938Updated 2 months ago
- Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs☆1,184Updated last year
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads☆383Updated 2 years ago
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…☆449Updated last year
- Framework for Kerberos relaying☆893Updated 2 years ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools☆518Updated 2 years ago
- ⚡ Create infinite UAC prompts forcing a user to run as admin ⚡☆250Updated 2 years ago
- ☆931Updated this week
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆854Updated 3 years ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆456Updated 2 years ago
- A .NET Framework 4.0 Windows Agent☆463Updated this week
- Get file less command execution for lateral movement.☆612Updated 2 years ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools☆417Updated 2 years ago
- VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit☆429Updated last year
- Various Cobalt Strike BOFs☆614Updated 2 years ago
- This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and down…☆246Updated last year
- C# Based Universal API Unhooker☆396Updated 3 years ago
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for…☆475Updated last year
- WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations☆354Updated 4 years ago
- A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.☆447Updated 11 months ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆744Updated last year