Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.
☆455Dec 27, 2025Updated 2 months ago
Alternatives and similar repositories for WhoYouCalling
Users that are interested in WhoYouCalling are comparing it to the libraries listed below
Sorting:
- TypeLib persistence technique☆140Oct 22, 2024Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆539May 9, 2025Updated 9 months ago
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…☆1,314Nov 12, 2025Updated 3 months ago
- .NET tool used to enrich RPC telemetry☆101Jan 24, 2026Updated last month
- Abusing Azure services over C2☆367Jan 20, 2026Updated last month
- Lifetime AMSI bypass.☆36Apr 21, 2025Updated 10 months ago
- Azure Post Exploitation Framework☆244Oct 27, 2025Updated 4 months ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆275Dec 27, 2024Updated last year
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆63Mar 19, 2024Updated last year
- Protection against HTML smuggling attacks.☆101Jul 10, 2025Updated 7 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆215Oct 19, 2024Updated last year
- ☆17Jan 9, 2025Updated last year
- SACL Scanner is a tool designed to scan and analyze SACLs.☆51Feb 13, 2025Updated last year
- The best powershell obfuscator ever made☆124Aug 1, 2025Updated 7 months ago
- RedInfraCraft automates the deployment of powerful red team infrastructures! It streamlines the setup of C2s, makes it easy to create adv…☆228Mar 28, 2025Updated 11 months ago
- A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities☆701Oct 26, 2024Updated last year
- ☆207Dec 17, 2025Updated 2 months ago
- An App Domain Manager Injection DLL PoC on steroids☆212Dec 14, 2023Updated 2 years ago
- A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…☆116Oct 20, 2024Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆232Feb 12, 2025Updated last year
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆79Aug 5, 2024Updated last year
- ☆285Aug 14, 2025Updated 6 months ago
- Proof-of-concept modular implant platform leveraging v8☆54Mar 4, 2025Updated last year
- An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails c…☆166Oct 9, 2024Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- Nameless C2 - A C2 with all its components written in Rust☆283Sep 26, 2024Updated last year
- Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive an…☆1,097Feb 20, 2026Updated last week
- Linux Sleep Obfuscation☆112Jan 7, 2024Updated 2 years ago
- A BloodHound collector for Microsoft Configuration Manager☆391Jul 7, 2025Updated 7 months ago
- a tool to help operate in EDRs' blind spots☆767Dec 2, 2024Updated last year
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆341Oct 7, 2024Updated last year
- ☆40Oct 8, 2024Updated last year
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …☆382Jan 23, 2025Updated last year
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- ☆59Oct 24, 2024Updated last year
- Collect Windows telemetry for Maldev☆460Jan 30, 2026Updated last month
- Microsoft Graph API post-exploitation toolkit☆95Jul 13, 2024Updated last year
- Python implementation of GhostPack's Seatbelt situational awareness tool☆271Nov 12, 2024Updated last year