NetSPI/ATEAM external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

NetSPI/ATEAM

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/NetSPI/ATEAM)

Close

NetSPI / ATEAMView on GitHubMore

• External links
• Readme badge

☆143Sep 9, 2025Updated 9 months ago

Alternatives and similar repositories for ATEAM

Users that are interested in ATEAM are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• TheManticoreProject / LDAPWordlistHarvester

  View on GitHub
  A tool that allows you to extract a client-specific wordlist from the LDAP of an Active Directory.
  ☆58Jul 2, 2025Updated 11 months ago
• mubix / Find-WSUS

  View on GitHub
  Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
  ☆46Oct 28, 2025Updated 7 months ago
• curi0usJack / Ludus-MDE-MDI-Roles

  View on GitHub
  Ludus roles to deploy ASR rules and MDI auditing settings
  ☆25Aug 5, 2025Updated 10 months ago
• kozmer / aad-bofs

  View on GitHub
  ☆139Nov 17, 2025Updated 6 months ago
• synacktiv / GroupPolicyBackdoor

  View on GitHub
  Group Policy Objects manipulation and exploitation framework
  ☆313Dec 7, 2025Updated 6 months ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• LuemmelSec / APEX

  View on GitHub
  Azure Post Exploitation Framework
  ☆247Oct 27, 2025Updated 7 months ago
• hoodoer / DragonHash

  View on GitHub
  Demo code JavaScript POC that tricks user into sending Windows hash to responder
  ☆37Dec 12, 2025Updated 5 months ago
• jhalon / cSessionHop

  View on GitHub
  Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
  ☆70Dec 25, 2025Updated 5 months ago
• kozmer / rspy

  View on GitHub
  rust port of pspy with support for process monitoring over dbus
  ☆38Jan 4, 2026Updated 5 months ago
• 0xRedpoll / ludus_mythic_teamserver

  View on GitHub
  Ludus role for deploying a Mythic Teamserver onto Linux servers
  ☆23Mar 16, 2025Updated last year
• grayhatkiller / wambam-bof

  View on GitHub
  ☆50Dec 5, 2025Updated 6 months ago
• alienkeric / VisualStudio-RCE-EvilSln

  View on GitHub
  A New Exploitation Technique for Visual Studio Projects
  ☆13Nov 5, 2023Updated 2 years ago
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆42Aug 5, 2025Updated 10 months ago
• rasta-mouse / atomic-bofs

  View on GitHub
  Atomic test units for BOF execution
  ☆57Apr 26, 2026Updated last month
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• dobin / detonator

  View on GitHub
  Orchestrate detonating your MalDev in VMs with different EDRs to see their detection surface.
  ☆34Updated this week
• logangoins / SOAPy

  View on GitHub
  SOAPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) through a SOCKS5 pr…
  ☆200Updated this week
• OtterHacker / OktaGinx

  View on GitHub
  ☆60Jun 2, 2025Updated last year
• Meowmycks / trustme

  View on GitHub
  BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation
  ☆133Mar 27, 2026Updated 2 months ago
• paranoidninja / BRC4-BOF-Artillery

  View on GitHub
  ☆148Nov 6, 2025Updated 7 months ago
• Whispergate / Erebus

  View on GitHub
  Erebus is an Initial Access wrapper for the Mythic Command & Control Server. It converts shellcode into payloads specifically used for ph…
  ☆138Jun 2, 2026Updated last week
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆158Jul 23, 2025Updated 10 months ago
• dmcxblue / WSL-Payloads

  View on GitHub
  A small How-To on creating your own weaponized WSL file
  ☆128Jul 23, 2025Updated 10 months ago
• synacktiv / gpoParser

  View on GitHub
  gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory env…
  ☆358Apr 28, 2026Updated last month
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• mez-0 / citadel

  View on GitHub
  A Payload Analysis Framework
  ☆121Oct 9, 2025Updated 8 months ago
• NocteDefensor / SCCMDecryptor-BOF

  View on GitHub
  ☆57Jun 28, 2025Updated 11 months ago
• s4dbrd / ETWReader

  View on GitHub
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆19Jun 29, 2024Updated last year
• atomicchonk / roadrecon_mcp_server

  View on GitHub
  Claude MCP server to perform analysis on ROADrecon data
  ☆50Mar 30, 2025Updated last year
• affix / rusty-hollow

  View on GitHub
  Unix Process hollowing in rust
  ☆22Dec 16, 2024Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆131Jan 17, 2026Updated 4 months ago
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆69Jan 5, 2026Updated 5 months ago
• OleFredrik1 / remoteKrbRelayx

  View on GitHub
  A tool for coercing and relaying Kerberos authentication over DCOM and RPC.
  ☆150Jul 17, 2025Updated 10 months ago
• c2pain / RustBird

  View on GitHub
  Early Bird APC Injection in Rust
  ☆66Oct 9, 2024Updated last year
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆178Jul 4, 2025Updated 11 months ago
• jfjallid / go-cmloot

  View on GitHub
  A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)
  ☆21Jul 27, 2024Updated last year
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆54Nov 2, 2025Updated 7 months ago
• synacktiv / Invoke-RunAsWithCert

  View on GitHub
  A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.
  ☆177May 13, 2024Updated 2 years ago
• Scoubi / BloodSOCer

  View on GitHub
  ☆59Dec 10, 2025Updated 6 months ago
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆126Nov 27, 2024Updated last year
• Cobalt-Strike / callback_examples

  View on GitHub
  This contains a number of examples demonstrating how to use callback functions in supported aggressor script functions
  ☆38Mar 17, 2025Updated last year