Alternatives and similar repositories for NtlmThief

Users that are interested in NtlmThief are comparing it to the libraries listed below

• MzHmO / TGSThief

  View on GitHub
  My implementation of the GIUDA project in C++
  ☆189Jul 25, 2023Updated 2 years ago
• Ridter / atexec-pro

  View on GitHub
  Fileless atexec, no more need for port 445
  ☆404Mar 28, 2024Updated last year
• CICADA8-Research / RemoteKrbRelay

  View on GitHub
  Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
  ☆635May 8, 2025Updated 9 months ago
• YOLOP0wn / POSTDump

  View on GitHub
  ☆341Nov 10, 2025Updated 3 months ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆612Jan 2, 2025Updated last year
• RalfHacker / Kerbeus-BOF

  View on GitHub
  BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
  ☆540Nov 23, 2025Updated 2 months ago
• BC-SECURITY / IronSharpPack

  View on GitHub
  IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…
  ☆118May 2, 2024Updated last year
• foxlox / GIUDA

  View on GitHub
  Ask a TGS on behalf of another user without password
  ☆482Mar 30, 2025Updated 10 months ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆772Jan 26, 2026Updated 3 weeks ago
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆404Sep 6, 2024Updated last year
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆88Feb 11, 2024Updated 2 years ago
• blackarrowsec / Handly

  View on GitHub
  Abuse leaked token handles.
  ☆136Dec 14, 2023Updated 2 years ago
• decoder-it / ADCSCoercePotato

  View on GitHub
  ☆242May 5, 2024Updated last year
• OtterHacker / SetProcessInjection

  View on GitHub
  ☆151Oct 2, 2023Updated 2 years ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆211Dec 14, 2023Updated 2 years ago
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆266Apr 8, 2025Updated 10 months ago
• Meowmycks / LetMeowIn

  View on GitHub
  A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
  ☆442Jul 8, 2024Updated last year
• gabriellandau / EDRSandblast-GodFault

  View on GitHub
  EDRSandblast-GodFault
  ☆271Aug 28, 2023Updated 2 years ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆565Jun 5, 2023Updated 2 years ago
• securifybv / BOFRyptor

  View on GitHub
  ☆122Oct 9, 2023Updated 2 years ago
• dmcxblue / SharpGhostTask

  View on GitHub
  A C# port from Invoke-GhostTask
  ☆119Jan 5, 2024Updated 2 years ago
• S1lkys / SharpKiller

  View on GitHub
  Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8
  ☆351Aug 29, 2024Updated last year
• xforcered / BOFMask

  View on GitHub
  ☆129Jun 28, 2023Updated 2 years ago
• BlackSnufkin / NovaLdr

  View on GitHub
  Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
  ☆258Jun 29, 2024Updated last year
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆235Oct 8, 2024Updated last year
• garrettfoster13 / sccmhunter

  View on GitHub
  SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
  ☆886Updated this week
• MayerDaniel / profiler-lateral-movement

  View on GitHub
  Lateral Movement via the .NET Profiler
  ☆100Nov 21, 2024Updated last year
• MalwareTech / EDRception

  View on GitHub
  A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
  ☆201Dec 27, 2023Updated 2 years ago
• synacktiv / GPOddity

  View on GitHub
  The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
  ☆358Dec 13, 2025Updated 2 months ago
• Kudaes / Shelter

  View on GitHub
  ROP-based sleep obfuscation to evade memory scanners
  ☆375Jun 22, 2025Updated 7 months ago
• itm4n / PPLrevenant

  View on GitHub
  Bypass LSA protection using the BYODLL technique
  ☆171Sep 21, 2024Updated last year
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆158Nov 7, 2023Updated 2 years ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆647Mar 20, 2024Updated last year
• FalconForceTeam / SOAPHound

  View on GitHub
  SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
  ☆859Feb 3, 2024Updated 2 years ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• naksyn / Embedder

  View on GitHub
  Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
  ☆123May 29, 2024Updated last year