A collection of tools Neil and Andy have been working on released in one place and interlinked with previous tools
☆86Jul 12, 2023Updated 2 years ago
Alternatives and similar repositories for OffensiveSysAdmin
Users that are interested in OffensiveSysAdmin are comparing it to the libraries listed below
Sorting:
- Slinky Cat attempts to give users an easy-to-navigate menu offering predefined Active Directory Service Interfaces (ADSI) and .NET querie…☆80Jul 12, 2023Updated 2 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- A C# utility for interacting with SCCM☆682Aug 20, 2025Updated 6 months ago
- Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry☆31Feb 11, 2021Updated 5 years ago
- A repository with my code snippets for research/education purposes.☆53Jul 28, 2023Updated 2 years ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆235Oct 18, 2022Updated 3 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API☆87Mar 22, 2023Updated 2 years ago
- Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if y…☆99Jul 7, 2023Updated 2 years ago
- Tool for efficient directory enumeration☆65Jan 27, 2026Updated last month
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…☆88Jun 24, 2022Updated 3 years ago
- Find DLLs with RWX section☆79Jul 3, 2023Updated 2 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆94Mar 8, 2023Updated 2 years ago
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- Maximizing BloodHound. Max is a good boy.☆531Apr 25, 2025Updated 10 months ago
- DPAPI looting remotely and locally in Python☆541Oct 7, 2025Updated 4 months ago
- Lateral Movement Using DCOM and DLL Hijacking☆325Jun 18, 2023Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory☆398Aug 15, 2025Updated 6 months ago
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- Federated Office365 user enumeration based on correlated response trend analysis☆49May 3, 2022Updated 3 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- ☆129Jun 28, 2023Updated 2 years ago
- D/Invoke implementation in Nim☆101Jun 8, 2022Updated 3 years ago
- Enhanced version of secretsdump.py from Impacket. Adds multi-threading and accepts an input file with a list of target hosts for simultan…☆252Jul 31, 2023Updated 2 years ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain☆34Nov 13, 2023Updated 2 years ago
- ☆137Jun 21, 2023Updated 2 years ago
- Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).☆186Feb 12, 2023Updated 3 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆95Jun 20, 2022Updated 3 years ago
- Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.☆500Jan 23, 2023Updated 3 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆776Jan 26, 2026Updated last month
- LDAP Querying without the Suck☆110Nov 9, 2024Updated last year
- SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a…☆75May 3, 2024Updated last year
- A python port of CCob's ThreadlessInject☆25Mar 18, 2023Updated 2 years ago
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258May 10, 2023Updated 2 years ago
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆318Aug 31, 2023Updated 2 years ago