Alternatives and similar repositories for HookingLsassForCredentials

Users that are interested in HookingLsassForCredentials are comparing it to the libraries listed below

• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• maxDcb / DreamWalkers

  View on GitHub
  Reflective shellcode loaderwith advanced call stack spoofing and .NET support.
  ☆225Sep 19, 2025Updated 4 months ago
• Cobalt-Strike / eden

  View on GitHub
  A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…
  ☆65Jan 21, 2026Updated 3 weeks ago
• Maldev-Academy / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆54May 12, 2025Updated 9 months ago
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆157Jul 13, 2025Updated 7 months ago
• silentwarble / hbin_template

  View on GitHub
  Post-Ex BOF tooling for Hannibal
  ☆24Nov 20, 2024Updated last year
• Orange-Cyberdefense / EDRSnowblast

  View on GitHub
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆25Sep 29, 2023Updated 2 years ago
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆214Jan 18, 2025Updated last year
• NtDallas / MemLoader

  View on GitHub
  Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
  ☆266Jun 18, 2025Updated 7 months ago
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆135Apr 6, 2025Updated 10 months ago
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆66Jan 11, 2026Updated last month
• Maldev-Academy / LsassHijackingViaReg

  View on GitHub
  Injecting DLL into LSASS at boot
  ☆156Apr 29, 2025Updated 9 months ago
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆182Jan 17, 2026Updated 3 weeks ago
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆135Apr 18, 2025Updated 9 months ago
• WKL-Sec / docker-cobaltstrike

  View on GitHub
  Docker container for running CobaltStrike 4.7 and above
  ☆24Mar 20, 2025Updated 10 months ago
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated 11 months ago
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆265Dec 13, 2024Updated last year
• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆35Jan 20, 2025Updated last year
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆78Aug 25, 2025Updated 5 months ago
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆199Apr 21, 2025Updated 9 months ago
• dmcxblue / SharpHIBP

  View on GitHub
  A C# Tool to gather information about email breaches
  ☆16Dec 21, 2023Updated 2 years ago
• rasta-mouse / SpawnWith

  View on GitHub
  ☆109Feb 17, 2025Updated 11 months ago
• EspressoCake / DefenderPathExclusions

  View on GitHub
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆32Nov 1, 2023Updated 2 years ago
• duhirsch / MoveEdr

  View on GitHub
  Permanently disable EDRs as local admin
  ☆125Dec 19, 2025Updated last month
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• MythicAgents / Hannibal

  View on GitHub
  A Mythic Agent written in PIC C.
  ☆206Feb 4, 2025Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• Thunter-HackTeam / EvilentCoerce

  View on GitHub
  ☆159May 5, 2025Updated 9 months ago
• knight0x07 / NailaoLoader-Hiding-Execution-Flow

  View on GitHub
  NailaoLoader: Hiding Execution Flow via Patching
  ☆22Feb 27, 2025Updated 11 months ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆282Jun 18, 2025Updated 7 months ago
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆212Oct 19, 2024Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• Maldev-Academy / PrefetchFileParser

  View on GitHub
  A lightweight Windows Prefetch file parser to extract programs' execution history
  ☆63Jan 12, 2026Updated last month
• ricardojoserf / NativeTokenImpersonate

  View on GitHub
  Impersonate Tokens using only NTAPI functions
  ☆83Apr 4, 2025Updated 10 months ago
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆253Jun 6, 2024Updated last year
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆211Dec 14, 2023Updated 2 years ago