NTFS parsing library in C#. Allows one to parse and read NTFS structures on disk.
☆32Jul 16, 2021Updated 4 years ago
Alternatives and similar repositories for NTFSCopy
Users that are interested in NTFSCopy are comparing it to the libraries listed below
Sorting:
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…☆136Mar 3, 2025Updated 11 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆27Apr 13, 2025Updated 10 months ago
- Execute commands in other Sessions☆91Jul 29, 2024Updated last year
- ☆19Mar 16, 2021Updated 4 years ago
- Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3☆81Jun 1, 2022Updated 3 years ago
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆179Feb 14, 2023Updated 3 years ago
- ☆47Feb 11, 2023Updated 3 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆281Feb 24, 2025Updated last year
- Impersonate Tokens using only NTAPI functions☆84Apr 4, 2025Updated 10 months ago
- A PoC that uses the DirSync protocol to poll Active Directory for changes☆13Aug 16, 2020Updated 5 years ago
- ☆36May 27, 2024Updated last year
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- A simple script to elevate current session to SYSTEM (needs to be run as Administrator)☆16Nov 11, 2024Updated last year
- ps-like .NET Assembly for enumerating processes on the current machine or a remote machine.☆13Aug 12, 2019Updated 6 years ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …☆12Apr 21, 2025Updated 10 months ago
- ☆47Dec 5, 2025Updated 2 months ago
- A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously☆32Feb 3, 2023Updated 3 years ago
- Secretsdump C# version only supporting local (live) operation☆55Apr 20, 2025Updated 10 months ago
- ☆13Jan 21, 2019Updated 7 years ago
- Simple Aggressor Scripts for Cobalt Strike☆13Sep 24, 2020Updated 5 years ago
- Port forwarding via MSRPC (445/tcp) [WIP]☆34Aug 26, 2021Updated 4 years ago
- Copy metadata and digital signatures information from one Windows executable to another using Wine on a non-Windows platform☆18Apr 17, 2024Updated last year
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆301Oct 26, 2022Updated 3 years ago
- A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.☆19Jun 24, 2021Updated 4 years ago
- A tool for leveraging elevated acess over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into…☆16Nov 6, 2021Updated 4 years ago
- hy-rs, pronounced high rise, provides a unified and portable to the hypervisor APIs provided by various platforms.☆20Mar 10, 2022Updated 3 years ago
- Finding secrets in kernel and user memory☆117Sep 6, 2023Updated 2 years ago
- 一键出网探测工具☆73Feb 25, 2023Updated 3 years ago
- ☆18Aug 19, 2021Updated 4 years ago
- Mythic C2 Agent written in x64 PIC C☆85Jan 29, 2025Updated last year
- A very proof-of-concept port of InlineWhispers for using syscalls in Nim projects.☆166Sep 10, 2021Updated 4 years ago
- Exploitation of echo_driver.sys☆170Sep 16, 2023Updated 2 years ago
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…☆237Sep 3, 2023Updated 2 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆119Apr 22, 2021Updated 4 years ago
- Kerberos protocol attacker☆139Feb 1, 2021Updated 5 years ago
- A collection of offensive Nim example code☆74Dec 21, 2021Updated 4 years ago
- AAD related enumeration in Nim☆132Sep 7, 2023Updated 2 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆115Oct 21, 2023Updated 2 years ago