A curated collection of Living off the Land (LotL) attack demonstrations where trusted binaries go rogue, because if it didn’t launch calc.exe, did it even happen?
☆37Jan 7, 2026Updated 5 months ago
Alternatives and similar repositories for CalcOrItDidntHappen
Users that are interested in CalcOrItDidntHappen are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Simple reverse ICMP shell☆14Apr 30, 2024Updated 2 years ago
- Cobalt Strike notifications via NTFY.☆15Sep 24, 2024Updated last year
- ☆14Aug 21, 2022Updated 3 years ago
- 🐧 A simple kernel-level rootkit☆21Mar 1, 2016Updated 10 years ago
- List of scripts used for malware analysis☆15Aug 10, 2015Updated 10 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode☆27Jun 25, 2024Updated last year
- Dump Kerberos tickets☆46Aug 4, 2025Updated 10 months ago
- ☆24Jul 7, 2023Updated 2 years ago
- Remote process dumping automation. Use it to dump Windows credentials remotely and extract clear text with Mimikatz offline☆35Jan 3, 2020Updated 6 years ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆147Feb 1, 2026Updated 4 months ago
- A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.☆28Mar 17, 2024Updated 2 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 6 years ago
- ☆14Nov 8, 2024Updated last year
- Reflective PE loader written in Zig. Loads and executes native and .NET PE files directly from memory.☆61Mar 2, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- PowerShell Empire module for logging USB keystrokes via ETW☆31Nov 11, 2016Updated 9 years ago
- POC tool to abuse windows server failover clusters☆56Aug 7, 2025Updated 10 months ago
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆129Jan 21, 2026Updated 4 months ago
- Talk given at DerbyCon and RuxCon 2016☆23Sep 23, 2016Updated 9 years ago
- Minimal Indicator Storage System☆11Feb 8, 2021Updated 5 years ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Aug 13, 2024Updated last year
- a-ray-grass is a yara module that provides support for DCSO-format bloom filters in yara. In the context of hashlookup, it allows quickly…☆14Aug 19, 2022Updated 3 years ago
- AI assistant for wireshark☆92Apr 22, 2026Updated last month
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- ☆10Dec 24, 2022Updated 3 years ago
- Atomic test units for BOF execution☆57Apr 26, 2026Updated last month
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆110Apr 22, 2026Updated last month
- Indicators of compromise from to analysis and research by Nextron Threat Research team☆12Jun 2, 2026Updated last week
- Generate Go bindings for shared C libraries.☆19May 20, 2026Updated 3 weeks ago
- regex Hunter- Fast website endpoint sensitive data and Leaks JS files endpoint API Key Scraper☆15Jun 8, 2024Updated 2 years ago
- Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282)☆31Jan 18, 2025Updated last year
- A minimal IRC server☆20Jul 27, 2024Updated last year
- Application Security library☆11Nov 6, 2012Updated 13 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A Compiler from Sigma rules to VQL☆19May 18, 2026Updated 3 weeks ago
- Windows hidden thread suspend POC with code injection☆12May 27, 2017Updated 9 years ago
- Historical Observations of Actionable Reputation Data☆13Jun 26, 2018Updated 7 years ago
- Storage for the IOCs I collect☆11Apr 3, 2026Updated 2 months ago
- My python3 implementation of a Forward Shell☆38Jan 25, 2019Updated 7 years ago
- Indicators of Normality☆11Jul 22, 2022Updated 3 years ago
- Script to pull newly-registered domains and check for similarity against a provided word list.☆13Aug 2, 2020Updated 5 years ago