NetSPI/ATEAM external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

NetSPI/ATEAM

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/NetSPI/ATEAM)

Close

NetSPI / ATEAMView on GitHubMore

• External links
• Readme badge

☆142Sep 9, 2025Updated 7 months ago

Alternatives and similar repositories for ATEAM

Users that are interested in ATEAM are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• TheManticoreProject / LDAPWordlistHarvester

  View on GitHub
  A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.
  ☆58Jul 2, 2025Updated 9 months ago
• mubix / Find-WSUS

  View on GitHub
  Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
  ☆46Oct 28, 2025Updated 6 months ago
• curi0usJack / Ludus-MDE-MDI-Roles

  View on GitHub
  Ludus roles to deploy ASR rules and MDI auditing settings
  ☆24Aug 5, 2025Updated 8 months ago
• kozmer / aad-bofs

  View on GitHub
  ☆139Nov 17, 2025Updated 5 months ago
• synacktiv / GroupPolicyBackdoor

  View on GitHub
  Group Policy Objects manipulation and exploitation framework
  ☆300Dec 7, 2025Updated 4 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• LuemmelSec / APEX

  View on GitHub
  Azure Post Exploitation Framework
  ☆246Oct 27, 2025Updated 6 months ago
• hoodoer / DragonHash

  View on GitHub
  Demo code JavaScript POC that tricks user into sending Windows hash to responder
  ☆37Dec 12, 2025Updated 4 months ago
• jhalon / cSessionHop

  View on GitHub
  Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
  ☆68Dec 25, 2025Updated 4 months ago
• kozmer / rspy

  View on GitHub
  rust port of pspy with support for process monitoring over dbus
  ☆37Jan 4, 2026Updated 3 months ago
• 0xRedpoll / ludus_mythic_teamserver

  View on GitHub
  Ludus role for deploying a Mythic Teamserver onto Linux servers
  ☆23Mar 16, 2025Updated last year
• Meowmycks / trustme

  View on GitHub
  BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation
  ☆126Mar 27, 2026Updated last month
• grayhatkiller / wambam-bof

  View on GitHub
  ☆50Dec 5, 2025Updated 4 months ago
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆41Aug 5, 2025Updated 8 months ago
• alienkeric / VisualStudio-RCE-EvilSln

  View on GitHub
  A New Exploitation Technique for Visual Studio Projects
  ☆13Nov 5, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• dobin / detonator

  View on GitHub
  Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.
  ☆25Updated this week
• logangoins / SOAPy

  View on GitHub
  SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) through a SOCKS5 pr…
  ☆193Updated this week
• OtterHacker / OktaGinx

  View on GitHub
  ☆60Jun 2, 2025Updated 10 months ago
• paranoidninja / BRC4-BOF-Artillery

  View on GitHub
  ☆147Nov 6, 2025Updated 5 months ago
• Whispergate / Erebus

  View on GitHub
  Erebus is an Initial Access wrapper for the Mythic Command & Control Server. It converts existing Mythic shellcode into payloads specific…
  ☆132Apr 24, 2026Updated last week
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆154Jul 23, 2025Updated 9 months ago
• dmcxblue / WSL-Payloads

  View on GitHub
  A small How-To on creating your own weaponized WSL file
  ☆126Jul 23, 2025Updated 9 months ago
• synacktiv / gpoParser

  View on GitHub
  gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory env…
  ☆352Mar 19, 2026Updated last month
• mez-0 / citadel

  View on GitHub
  A Payload Analysis Framework
  ☆118Oct 9, 2025Updated 6 months ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• NocteDefensor / SCCMDecryptor-BOF

  View on GitHub
  ☆55Jun 28, 2025Updated 10 months ago
• s4dbrd / ETWReader

  View on GitHub
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆18Jun 29, 2024Updated last year
• atomicchonk / roadrecon_mcp_server

  View on GitHub
  Claude MCP server to perform analysis on ROADrecon data
  ☆50Mar 30, 2025Updated last year
• affix / rusty-hollow

  View on GitHub
  Unix Process hollowing in rust
  ☆22Dec 16, 2024Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆128Jan 17, 2026Updated 3 months ago
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆69Jan 5, 2026Updated 3 months ago
• OleFredrik1 / remoteKrbRelayx

  View on GitHub
  A tool for coercing and relaying Kerberos authentication over DCOM and RPC.
  ☆148Jul 17, 2025Updated 9 months ago
• c2pain / RustBird

  View on GitHub
  Early Bird APC Injection in Rust
  ☆64Oct 9, 2024Updated last year
• jfjallid / go-cmloot

  View on GitHub
  A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)
  ☆17Jul 27, 2024Updated last year
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆178Jul 4, 2025Updated 9 months ago
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆52Nov 2, 2025Updated 5 months ago
• synacktiv / Invoke-RunAsWithCert

  View on GitHub
  A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.
  ☆176May 13, 2024Updated last year
• Scoubi / BloodSOCer

  View on GitHub
  ☆59Dec 10, 2025Updated 4 months ago
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆126Nov 27, 2024Updated last year
• Cobalt-Strike / callback_examples

  View on GitHub
  This contains a number of examples demonstrating how to use callback functions in supported aggressor script functions
  ☆38Mar 17, 2025Updated last year
• Cobalt-Strike / sleepmask-vs

  View on GitHub
  A simple Sleepmask BOF example
  ☆172Nov 24, 2025Updated 5 months ago