Leo4j/PPLKiller external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Leo4j/PPLKiller

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Leo4j/PPLKiller)

Close

Leo4j / PPLKillerView on GitHubMore

• External links
• Readme badge

Tool to bypass LSA Protection (aka Protected Process Light)

☆64Jan 2, 2025Updated last year

Alternatives and similar repositories for PPLKiller

Users that are interested in PPLKiller are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• jojonas / SharpSAMDump

  View on GitHub
  SAM Dumping in C#
  ☆55Nov 27, 2025Updated 4 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆384Dec 13, 2024Updated last year
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• synacktiv / OUned

  View on GitHub
  The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning
  ☆156Nov 2, 2025Updated 4 months ago
• kozmer / dcsync-bof

  View on GitHub
  dcsync bof
  ☆46Feb 13, 2026Updated last month
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• jfjallid / go-lsass

  View on GitHub
  Tool to aid in dumping LSASS process remotely
  ☆42Sep 23, 2025Updated 6 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆133Oct 4, 2024Updated last year
• The-Viper-One / Invoke-PowerDPAPI

  View on GitHub
  Decrypt SCCM and DPAPI secrets with Powershell.
  ☆45Jun 24, 2025Updated 9 months ago
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆268Apr 8, 2025Updated 11 months ago
• safedv / RustiveDump

  View on GitHub
  LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…
  ☆385Apr 26, 2025Updated 11 months ago
• ricardojoserf / SharpSelfDelete

  View on GitHub
  PoC to self-delete a binary in C#
  ☆36Feb 6, 2024Updated 2 years ago
• realstatus / CVE-2024-40711-Exp

  View on GitHub
  CVE-2024-40711-exp
  ☆43Oct 17, 2024Updated last year
• MWR-CyberSec / AD-CS-Forest-Exploiter

  View on GitHub
  Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise
  ☆129Dec 2, 2023Updated 2 years ago
• rad9800 / FileRenameJunctionsEDRDisable

  View on GitHub
  ☆158Dec 13, 2024Updated last year
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• nbaertsch / Shrike

  View on GitHub
  Hunting and injecting RWX 'mockingjay' DLLs in pure nim
  ☆60Dec 11, 2024Updated last year
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• waawaa / Hooked-Injector

  View on GitHub
  Hooked create process injection for meterpreter
  ☆23Jun 16, 2021Updated 4 years ago
• logangoins / Krueger

  View on GitHub
  Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC
  ☆424Sep 29, 2025Updated 5 months ago
• Macmod / ldapx

  View on GitHub
  Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
  ☆197Feb 16, 2026Updated last month
• CrowdStrike / sccmhound

  View on GitHub
  A BloodHound collector for Microsoft Configuration Manager
  ☆396Jul 7, 2025Updated 8 months ago
• Yeeb1 / MagicBOFs

  View on GitHub
  A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme.
  ☆18Jul 15, 2025Updated 8 months ago
• Leo4j / Invoke-ShareHunter

  View on GitHub
  Enumerate the Domain for Readable and Writable Shares
  ☆23Nov 14, 2025Updated 4 months ago
• Shrfnt77 / SharpCoercer

  View on GitHub
  SharpCoercer is a .NET 4.8 C# tool that leverages 16 different RPC-based coercion methods to force remote Windows hosts to authenticate t…
  ☆56Jul 13, 2025Updated 8 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• strozfriedberg / DNSForge

  View on GitHub
  ☆14Dec 11, 2025Updated 3 months ago
• sap8899 / Group3rExplorer

  View on GitHub
  Fun GUI for Group3rs output log
  ☆37Aug 14, 2023Updated 2 years ago
• decoder-it / KrbRelayEx-RPC

  View on GitHub
  ☆198Mar 28, 2025Updated 11 months ago
• antonioCoco / SspiUacBypass

  View on GitHub
  Bypassing UAC with SSPI Datagram Contexts
  ☆464Sep 24, 2023Updated 2 years ago
• Leo4j / Invoke-SMBRemoting

  View on GitHub
  Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
  ☆182May 19, 2025Updated 10 months ago
• Phil0x4a / msuserstats

  View on GitHub
  msuserstats is a comprehensive Powershell tool to manage accounts from Microsoft Entra ID and Active Directory. It supports: a unified vi…
  ☆43Mar 13, 2025Updated last year
• garrettfoster13 / mssqlkaren

  View on GitHub
  modified mssqlclient from impacket to extract policies from the SCCM database
  ☆46Feb 24, 2026Updated last month
• nettitude / TokenCert

  View on GitHub
  TokenCert
  ☆102Nov 15, 2024Updated last year
• zodiacon / WinEventHooks

  View on GitHub
  SetWinEventHook Sample
  ☆50Sep 23, 2023Updated 2 years ago
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆192Dec 1, 2024Updated last year
• som3canadian / Cloudflare-Redirector

  View on GitHub
  Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.
  ☆189Mar 14, 2025Updated last year
• senzee1984 / Amsi_Bypass_In_2023

  View on GitHub
  Amsi Bypass payload that works on Windwos 11
  ☆379Jul 30, 2023Updated 2 years ago
• synacktiv / windows_kernel_shadow_stack

  View on GitHub
  Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation.
  ☆55Jun 2, 2025Updated 9 months ago
• M1ndo / WerDump

  View on GitHub
  A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
  ☆169Sep 22, 2025Updated 6 months ago
• secureworks / BAADTokenBroker

  View on GitHub
  ☆122Jun 17, 2025Updated 9 months ago
• lsecqt / SharpRedirect

  View on GitHub
  Simple C# Redirector
  ☆94Aug 31, 2025Updated 6 months ago