Alternatives and similar repositories for ntlmrelayx.py_to_exe

Users that are interested in ntlmrelayx.py_to_exe are comparing it to the libraries listed below

• mpgn / BackupOperatorToDA

  View on GitHub
  From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
  ☆439Jan 4, 2025Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• X-C3LL / SharpNTLMRawUnHide

  View on GitHub
  C# version of NTLMRawUnHide
  ☆72Oct 8, 2022Updated 3 years ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆565Jun 5, 2023Updated 2 years ago
• decoder-it / ADCSCoercePotato

  View on GitHub
  ☆242May 5, 2024Updated last year
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆302Sep 7, 2023Updated 2 years ago
• howmp / donut_ollvm

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆69Oct 10, 2025Updated 4 months ago
• Kryp7os / SharpRBCD

  View on GitHub
  An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
  ☆49Mar 10, 2025Updated 11 months ago
• snovvcrash / RemoteRegSave

  View on GitHub
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Dec 8, 2023Updated 2 years ago
• CCob / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆16Dec 6, 2024Updated last year
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆235Oct 8, 2024Updated last year
• YOLOP0wn / POSTDump

  View on GitHub
  ☆341Nov 10, 2025Updated 3 months ago
• leftp / DPAPISnoop

  View on GitHub
  A C# tool to output crackable DPAPI hashes from user MasterKeys
  ☆140Sep 14, 2024Updated last year
• safedv / GPOAnalyzer

  View on GitHub
  GPOAnalyzer is a tool designed to assist in parsing domain Group Policy Object (GPO) files located in the SYSVOL directory.
  ☆28Jun 14, 2024Updated last year
• rasta-mouse / PPEnum

  View on GitHub
  Simple BOF to read the protection level of a process
  ☆118May 10, 2023Updated 2 years ago
• RedCursorSecurityConsulting / SharpHashSpray

  View on GitHub
  An execute-assembly compatible tool for spraying local admin hashes on an Active Directory domain.
  ☆19Apr 30, 2021Updated 4 years ago
• 0xe7 / RoastInTheMiddle

  View on GitHub
  ☆74Jun 17, 2025Updated 7 months ago
• AlmondOffSec / PassTheCert

  View on GitHub
  Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆725Sep 3, 2025Updated 5 months ago
• mgeeky / msi-shenanigans

  View on GitHub
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆90Dec 15, 2022Updated 3 years ago
• fortalice / modifyCertTemplate

  View on GitHub
  ADCS cert template modification and ACL enumeration
  ☆144Jun 26, 2023Updated 2 years ago
• D4rthMaulCop / DarthNetLoader

  View on GitHub
  ☆15Aug 17, 2023Updated 2 years ago
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆647Mar 20, 2024Updated last year
• praetorian-inc / ADFSRelay

  View on GitHub
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆187Jun 22, 2022Updated 3 years ago
• Ridter / atexec-pro

  View on GitHub
  Fileless atexec, no more need for port 445
  ☆404Mar 28, 2024Updated last year
• MzHmO / psexec_noinstall

  View on GitHub
  Repository contains psexec, which will help to exploit the forgotten pipe
  ☆171Nov 5, 2024Updated last year
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆160Mar 27, 2023Updated 2 years ago
• wh0amitz / S4UTomato

  View on GitHub
  Escalate Service Account To LocalSystem via Kerberos
  ☆402Sep 14, 2023Updated 2 years ago
• atabetnouhaila / API-hashing

  View on GitHub
  ☆18Jan 14, 2026Updated last month
• XiaoliChan / wmiexec-Pro

  View on GitHub
  New generation of wmiexec.py
  ☆1,255Jan 5, 2026Updated last month
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆273Apr 17, 2023Updated 2 years ago
• XiaoliChan / LDAPShell

  View on GitHub
  A wrapper of ldap_shell.py module which in ntlmrelayx
  ☆62Sep 22, 2022Updated 3 years ago
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆714Mar 4, 2023Updated 2 years ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆321Jul 2, 2023Updated 2 years ago
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆886Updated this week
• safedv / RustiveDump

  View on GitHub
  LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…
  ☆381Apr 26, 2025Updated 9 months ago
• ZephrFish / Bloodhound-CustomQueries

  View on GitHub
  Custom Queries - Brought Up to BH4.1 syntax
  ☆272Dec 7, 2025Updated 2 months ago
• Dec0ne / ShadowSpray

  View on GitHub
  A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…
  ☆482Oct 14, 2022Updated 3 years ago