A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC-the-hash.
☆116 · Dec 21, 2025 · Updated 2 months ago
Alternatives and similar repositories for ESC1-unPAC
Users that are interested in ESC1-unPAC are comparing it to the libraries listed below
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass ☆167 · Sep 22, 2025 · Updated 5 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM ☆63 · Dec 25, 2025 · Updated 2 months ago
- A portable C# utility for enumerating local and remote Windows sessions ☆56 · Jan 1, 2026 · Updated 2 months ago
- Small utility script to notify via Slack about Hashcat's progress during a password cracking session ☆10 · Mar 10, 2019 · Updated 6 years ago
- A small set of Beacon Object Files (BOFs) that I developed over time with a Magic: The Gathering theme. ☆16 · Jul 15, 2025 · Updated 7 months ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover ☆86 · Oct 20, 2025 · Updated 4 months ago
- Local SYSTEM auth trigger for relaying ☆169 · Jul 22, 2025 · Updated 7 months ago
- ☆48 · Nov 26, 2025 · Updated 3 months ago
- BOF to decrypt Signal Desktop chat logs ☆71 · Feb 20, 2025 · Updated last year
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques. ☆101 · Jan 26, 2026 · Updated last month
- Cobalt Strike UDC2 implementation that provides a Slack C2 channel ☆63 · Jan 5, 2026 · Updated last month
- This repository contains a collection of scripts I use regularly for offensive security-related tasks. ☆15 · Jan 17, 2026 · Updated last month
- MacOS Stealer written in Rust. For Legal and Ethical Research Purposes Only. ☆26 · Jan 3, 2025 · Updated last year
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow. ☆124 · Jan 17, 2026 · Updated last month
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries ☆30 · Jan 30, 2025 · Updated last year
- Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2. ☆58 · Dec 15, 2025 · Updated 2 months ago
- Enable EFS service as low priv user (PE & BOF) ☆21 · Jul 6, 2025 · Updated 7 months ago
- dcsync bof ☆44 · Feb 13, 2026 · Updated 2 weeks ago
- WebClientRelayUp - a universal no-fix local privilege escalation in domain-joined Windows workstations in default configuration. ☆69 · Feb 25, 2026 · Updated last week
- Step-by-step documentation on how to decrypt SCCM database secrets offline ☆50 · Oct 20, 2025 · Updated 4 months ago
- AppLocker-Based EDR Neutralization ☆321 · Dec 19, 2025 · Updated 2 months ago
- Dynamic shellcode loader with sophisticated evasion capabilities ☆286 · Oct 1, 2025 · Updated 5 months ago
- Cobalt Strike Beacon Object File to change the user's desktop wallpaper ☆17 · Sep 15, 2023 · Updated 2 years ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, p… ☆199 · Dec 30, 2025 · Updated 2 months ago
- A simple research-focused AES-based shellcode loader demonstrating in-memory execution and NTAPI techniques to help understand how custom… ☆38 · Feb 19, 2026 · Updated last week
- Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll ☆25 · Jul 9, 2025 · Updated 7 months ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain ☆34 · Nov 13, 2023 · Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… ☆97 · Mar 20, 2023 · Updated 2 years ago
- Internal Monologue BOF ☆79 · Dec 28, 2024 · Updated last year
- A POC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFFLoaders in Rust. ☆75 · Aug 24, 2025 · Updated 6 months ago
- Execute commands, in/exfiltrate files using your custom RPC Server ☆65 · Jan 13, 2026 · Updated last month
- Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt ☆23 · Nov 23, 2022 · Updated 3 years ago
- Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons ☆170 · Feb 11, 2026 · Updated 3 weeks ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆128 · Oct 4, 2024 · Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆137 · Apr 18, 2025 · Updated 10 months ago
- A repository that contains the program.cs source file that has D/Invoke bare minimum implementation and AES encryption for shellcode exec… ☆23 · Feb 25, 2023 · Updated 3 years ago
- A simple Sleepmask BOF example ☆168 · Nov 24, 2025 · Updated 3 months ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆19 · Apr 24, 2023 · Updated 2 years ago
- A Beacon Object File (BOF) template for Visual Studio ☆269 · Nov 24, 2025 · Updated 3 months ago