Decrypt SCCM and DPAPI secrets with Powershell.
☆45Jun 24, 2025Updated 8 months ago
Alternatives and similar repositories for Invoke-PowerDPAPI
Users that are interested in Invoke-PowerDPAPI are comparing it to the libraries listed below
Sorting:
- A PowerShell script designed to detect misconfigured Azure Storage Accounts that could potentially be exploited for privilege escalation …☆13Apr 25, 2024Updated last year
- Tool to bypass LSA Protection (aka Protected Process Light)☆64Jan 2, 2025Updated last year
- GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal…☆36Nov 24, 2024Updated last year
- Remote DLL Injection with Timer-based Shellcode Execution☆154Jul 18, 2025Updated 8 months ago
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 7 months ago
- Hooked create process injection for meterpreter☆23Jun 16, 2021Updated 4 years ago
- Recon scripts for Red Team and Web blackbox auditing☆25Mar 3, 2026Updated 2 weeks ago
- Scan files for potential threats while leveraging AMSI (Antimalware Scan Interface) and Windows Defender. By isolating malicious content.☆37Jan 2, 2025Updated last year
- Powershell and python utilties for Entra Connect☆29Jun 5, 2025Updated 9 months ago
- TokenCert☆102Nov 15, 2024Updated last year
- Impacket pre-compiled binaries☆18Jul 31, 2023Updated 2 years ago
- Azure AiTM Function PoC to phish Entra ID Credentials☆28Nov 21, 2025Updated 3 months ago
- ☆31May 16, 2024Updated last year
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 5 months ago
- Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute☆25Jun 5, 2024Updated last year
- ☆45Feb 6, 2025Updated last year
- ☆117Jun 17, 2025Updated 9 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆28Apr 13, 2025Updated 11 months ago
- ☆88Jul 28, 2022Updated 3 years ago
- Store my 'Useful Commands' for HTB/OSCP and additional notes from my Obisidan. Merge into Obsidian for direct formatting. Also check out …☆16Aug 16, 2023Updated 2 years ago
- ☆82Apr 9, 2024Updated last year
- Bounces when a fish bites - Evilginx database monitoring with exfiltration automation☆182Jun 9, 2024Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#.☆32Nov 1, 2023Updated 2 years ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆43Jun 10, 2025Updated 9 months ago
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆168Nov 17, 2025Updated 4 months ago
- Tartocitron is a repo to have fun with malwares and the Rust language. This repo provides working examples of dropper written in Rust.☆11May 31, 2022Updated 3 years ago
- Bash and ZSH integration for Impacket☆72Nov 6, 2025Updated 4 months ago
- ☆14Sep 26, 2023Updated 2 years ago
- A Python POC for CRED1 over SOCKS5☆165Oct 5, 2024Updated last year
- Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel☆61Apr 13, 2025Updated 11 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆82Jun 25, 2025Updated 8 months ago
- Impersonate Tokens using only NTAPI functions☆84Apr 4, 2025Updated 11 months ago
- CLI monitor for windows process- & file activity☆97Nov 20, 2020Updated 5 years ago
- adws enumeration bof☆169Feb 16, 2026Updated last month
- Advanced shellcode injector for images supports BMP, GIF, EXIF (JPEG), and LSB (PNG) techniques. Includes XOR encoding, offset indexing, …☆26Jun 11, 2025Updated 9 months ago
- ☆48Dec 5, 2025Updated 3 months ago
- tool for requesting Entra ID's P2P certificate and authenticating to a remote Entra joinned devices with it☆136Aug 23, 2025Updated 6 months ago
- Quick python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings☆28May 30, 2022Updated 3 years ago
- Claude MCP server to perform analysis on ROADrecon data☆49Mar 30, 2025Updated 11 months ago