GhostPack / Koh
The Token Stealer
☆490Updated 2 years ago
Alternatives and similar repositories for Koh:
Users that are interested in Koh are comparing it to the libraries listed below
- A Payload Loader Designed With Advanced Evasion Features☆510Updated 2 years ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆909Updated 9 months ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by …☆744Updated last year
- WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations☆353Updated 4 years ago
- Stop Defender Service using C# via Token Impersonation☆170Updated 3 years ago
- Lifetime AMSI bypass☆620Updated last year
- Framework for Kerberos relaying☆902Updated 2 years ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools☆420Updated 2 years ago
- ☆407Updated last year
- Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.☆303Updated 2 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆755Updated last year
- A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) wit…☆516Updated 2 months ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools☆532Updated 2 years ago
- JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.☆307Updated 7 months ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆401Updated last year
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆458Updated 2 years ago
- Dump NTDS with golden certificates and UnPAC the hash☆632Updated last year
- .NET project for installing Persistence☆468Updated 9 months ago
- DPAPI looting remotely and locally in Python☆450Updated this week
- Collection of remote authentication triggers in C#☆479Updated 10 months ago
- OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at s…☆518Updated 2 years ago
- A User Impersonation tool - via Token or Shellcode injection☆413Updated 2 years ago
- VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit☆431Updated last year
- Collection of C# projects. Useful for pentesting and redteaming.☆305Updated last year
- NTLM relaying for Windows made easy☆559Updated last year
- A .NET Framework 4.0 Windows Agent☆468Updated last week
- ☆377Updated 6 months ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory☆387Updated last year
- XLL Phishing Tradecraft☆413Updated 2 years ago
- ☆335Updated 3 years ago