Decrypt SCCM and DPAPI secrets with Powershell.
☆45Jun 24, 2025Updated 8 months ago
Alternatives and similar repositories for Invoke-PowerDPAPI
Users that are interested in Invoke-PowerDPAPI are comparing it to the libraries listed below
Sorting:
- A PowerShell script designed to detect misconfigured Azure Storage Accounts that could potentially be exploited for privilege escalation …☆13Apr 25, 2024Updated last year
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 6 months ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆64Jan 2, 2025Updated last year
- Remote DLL Injection with Timer-based Shellcode Execution☆154Jul 18, 2025Updated 7 months ago
- Powershell and python utilties for Entra Connect☆28Jun 5, 2025Updated 8 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆27Apr 13, 2025Updated 10 months ago
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.☆37Jan 2, 2025Updated last year
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 4 months ago
- Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute☆25Jun 5, 2024Updated last year
- TokenCert☆102Nov 15, 2024Updated last year
- Azure AiTM Function PoC to phish Entra ID Credentials☆28Nov 21, 2025Updated 3 months ago
- Hooked create process injection for meterpreter☆23Jun 16, 2021Updated 4 years ago
- ☆117Jun 17, 2025Updated 8 months ago
- Recon scripts for Red Team and Web blackbox auditing☆26Feb 20, 2026Updated last week
- Panoptes Endpoint Detection and Response Solution☆42Jan 19, 2026Updated last month
- ☆31May 16, 2024Updated last year
- Bounces when a fish bites - Evilginx database monitoring with exfiltration automation☆182Jun 9, 2024Updated last year
- Bash and ZSH integration for Impacket☆73Nov 6, 2025Updated 3 months ago
- ☆47Dec 5, 2025Updated 2 months ago
- adws enumeration bof☆167Feb 16, 2026Updated last week
- Quick python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings☆28May 30, 2022Updated 3 years ago
- tool for requesting Entra ID's P2P certificate and authenticating to a remote Entra joinned devices with it☆131Aug 23, 2025Updated 6 months ago
- Impersonate Tokens using only NTAPI functions☆84Apr 4, 2025Updated 10 months ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal…☆36Nov 24, 2024Updated last year
- SharpShareFinder is a minimalistic network share discovery POC designed to enumerate shares in Windows Active Directory networks leveragi…☆36Jul 10, 2024Updated last year
- ☆82Apr 9, 2024Updated last year
- A port of classic netcat to C#☆34Jan 21, 2023Updated 3 years ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆82Jun 25, 2025Updated 8 months ago
- Remote command line LSASS extractor☆33Aug 25, 2025Updated 6 months ago
- ☆50Jun 4, 2025Updated 8 months ago
- ☆88Jul 28, 2022Updated 3 years ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆43Jun 10, 2025Updated 8 months ago
- ☆44Feb 6, 2025Updated last year
- Secure NotebookLM MCP Server - Query Google NotebookLM from Claude/AI agents with 14 security hardening layers☆30Feb 20, 2026Updated last week
- Creation and removal of Defender path exclusions and exceptions in C#.☆32Nov 1, 2023Updated 2 years ago
- Bunch of BOF files☆39Jun 30, 2025Updated 8 months ago
- A Python POC for CRED1 over SOCKS5☆164Oct 5, 2024Updated last year
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆167Nov 17, 2025Updated 3 months ago