Hagrid29/CertifyKit

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Hagrid29/CertifyKit)

Hagrid29 / CertifyKit

Active Directory certificate abuse

☆43

Alternatives and similar repositories for CertifyKit

Users that are interested in CertifyKit are comparing it to the libraries listed below

Sorting:

N4kedTurtle / SharpTeamsDump
View on GitHub
Dump Teams conversations
☆18Jun 9, 2021Updated 4 years ago
xpn / WAMBam
View on GitHub
Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
☆130Jan 14, 2023Updated 3 years ago
MaorSabag / interactive-execute-shellcode
View on GitHub
A simple PoC of injection shellcode into a remote process and get the output using namepipe
☆44Jan 10, 2024Updated 2 years ago
nettitude / TokenCert
View on GitHub
TokenCert
☆102Nov 15, 2024Updated last year
Luct0r / KerberOPSEC
View on GitHub
OPSEC safe Kerberoasting in C#
☆198Jun 14, 2022Updated 3 years ago
codyburkard / azol
View on GitHub
Azure Offensive Library
☆17Oct 18, 2025Updated 4 months ago
pwnsauc3 / RWXfinder
View on GitHub
The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
☆111Jul 15, 2023Updated 2 years ago
MaorSabag / TrueSightKiller
View on GitHub
CPP AV/EDR Killer
☆480Nov 28, 2023Updated 2 years ago
0x1408 / gamesense-Loader
View on GitHub
This project is an almost one-to-one copy of the original cheatloader by gamesense in C#.
☆10Dec 28, 2022Updated 3 years ago
YOLOP0wn / yolo-mssqlclient
View on GitHub
custom impacket mssqlclient
☆26Sep 16, 2023Updated 2 years ago
RedSiege / CredCheck
View on GitHub
.NET wrapper around LogonUserA to test creds
☆12Jun 2, 2022Updated 3 years ago
jfmaes / blogposts-talks-and-tidbits
View on GitHub
all random stuff that dont warrant a seperate repo
☆12Sep 2, 2022Updated 3 years ago
OmriBaso / RToolZ
View on GitHub
A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
☆326Jan 31, 2023Updated 3 years ago
exploide / bhcli
View on GitHub
CLI tool to interact with the BloodHound CE API
☆69Jan 4, 2026Updated last month
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 9 months ago
aleemladha / wazuh_server_install
View on GitHub
Installing wazuh SIEM Unified XDR and SIEM protection
☆33Jun 3, 2025Updated 9 months ago
hackforyourentertainment / Misery
View on GitHub
Misery Loader to bypass modern EDR solutions
☆18Dec 20, 2024Updated last year
Maldev-Academy / HellHall
View on GitHub
Performing Indirect Clean Syscalls
☆605Apr 19, 2023Updated 2 years ago
arth0sz / Practice-AD-CS-Domain-Escalation
View on GitHub
Introductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the w…
☆141Sep 4, 2023Updated 2 years ago
leftp / DPAPISnoop
View on GitHub
A C# tool to output crackable DPAPI hashes from user MasterKeys
☆140Sep 14, 2024Updated last year
Sh0ckFR / API-Hashing
View on GitHub
A basic exemple of the API-Hashing method used by Red Teamers but also by malwares developers in C++
☆37Jan 10, 2024Updated 2 years ago
zimnyaa / noWatch
View on GitHub
Implant drop-in for EDR testing
☆147Nov 15, 2023Updated 2 years ago
mitchmoser / SharpShares
View on GitHub
Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
☆374Sep 20, 2025Updated 5 months ago
caueb / ThreadlessStompingKann
View on GitHub
Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
☆79Dec 23, 2023Updated 2 years ago
nettitude / ETWHash
View on GitHub
C# POC to extract NetNTLMv1/v2 hashes from ETW provider
☆258May 10, 2023Updated 2 years ago
ricardojoserf / NativeBypassCredGuard
View on GitHub
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
☆266Apr 8, 2025Updated 10 months ago
Hackcraft-Labs / SharpShares
View on GitHub
Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
☆34Nov 13, 2023Updated 2 years ago
EgeBalci / syscall_api
View on GitHub
☆38Jun 5, 2023Updated 2 years ago
postrequest / safetydump
View on GitHub
MiniDump a process in memory with rust
☆37Jun 20, 2021Updated 4 years ago
dr4k0nia / NixImports
View on GitHub
A .NET malware loader, using API-Hashing to evade static analysis
☆210May 30, 2023Updated 2 years ago
gabriellandau / EDRSandblast-GodFault
View on GitHub
EDRSandblast-GodFault
☆271Aug 28, 2023Updated 2 years ago
EvilBytecode / Amsi-Patch-Updated-2025
View on GitHub
How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
☆25Apr 21, 2025Updated 10 months ago
kopp0ut / godropit
View on GitHub
Purple Team Dropper generator using open source templates.
☆17May 23, 2024Updated last year
NotMedic / Invoke-Nanodump
View on GitHub
HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection
☆58Feb 20, 2022Updated 4 years ago
MaorSabag / HollowMask
View on GitHub
Just another Process Injection using Process Hollowing technique.
☆18Sep 18, 2023Updated 2 years ago
VirtualAlllocEx / Create_Thread_Inline_Assembly_x86
View on GitHub
This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly
☆20Apr 17, 2023Updated 2 years ago
VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls
View on GitHub
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
☆228Jan 20, 2024Updated 2 years ago
Maldev-Academy / Christmas
View on GitHub
PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
☆260Jan 21, 2024Updated 2 years ago
jarnovandenbrink / getSPNless
View on GitHub
Python tool to automatically perform SPN-less RBCD attacks.
☆120Jan 7, 2026Updated last month