SolomonSklash / netntlmView external linksLinks
A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP
☆37Jul 27, 2021Updated 4 years ago
Alternatives and similar repositories for netntlm
Users that are interested in netntlm are comparing it to the libraries listed below
Sorting:
- DLL Exports Extraction BOF with optional NTFS transactions.☆90Nov 5, 2021Updated 4 years ago
- just manipulatin these here tokens yes sir nothing weird☆22Apr 18, 2022Updated 3 years ago
- A collection of scripts used to support an OffSecOps pipeline.☆14Jan 31, 2021Updated 5 years ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.☆28Dec 16, 2021Updated 4 years ago
- ☆274Jan 14, 2023Updated 3 years ago
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- Modifies machine.config for persistence after installing signed .net assembly onto GAC☆13Mar 17, 2022Updated 3 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆113Aug 29, 2022Updated 3 years ago
- miscellaneous scripts and programs☆274Jan 23, 2025Updated last year
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆109May 27, 2021Updated 4 years ago
- leaking net-ntlm with webdav☆26Feb 23, 2021Updated 4 years ago
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…☆25Mar 26, 2020Updated 5 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- API Hammering with C++20☆50Jul 21, 2022Updated 3 years ago
- Running .NET from VBA☆149Feb 11, 2023Updated 3 years ago
- LdrLoadDll Unhooking☆135Jan 16, 2022Updated 4 years ago
- An injector that aims to be stealthy by using non suspicious API calls. Inspired by (https://github.com/FuzzySecurity/Sharp-Suite/tree/ma…☆24Jun 17, 2020Updated 5 years ago
- ☆29May 10, 2024Updated last year
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Sep 8, 2021Updated 4 years ago
- ☆93Aug 23, 2021Updated 4 years ago
- all credits go to @mgeeky☆64Oct 14, 2021Updated 4 years ago
- MiniDumpWriteDump behavior modification hook☆50Feb 15, 2021Updated 4 years ago
- maldev obviously☆28May 5, 2025Updated 9 months ago
- Finding Truth in the Shadows☆120Jan 26, 2023Updated 3 years ago
- ☆44Oct 16, 2023Updated 2 years ago
- My experience using Windows API for offensive purposes☆17Jul 10, 2021Updated 4 years ago
- Beacon Object File (BOF) for remote process injection via thread hijacking☆219Jan 13, 2021Updated 5 years ago
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly☆117Sep 30, 2024Updated last year
- Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File☆214Oct 8, 2020Updated 5 years ago
- Tool for interacting with outlook interop during red team engagements☆146Jun 29, 2021Updated 4 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 2 years ago
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 2 years ago
- A small .NET compression utility☆57Feb 2, 2022Updated 4 years ago
- A simple BOF that frees UDRLs☆122May 29, 2022Updated 3 years ago
- ☆152Jan 6, 2023Updated 3 years ago