Wh04m1001 / SysmonEoP

Related projects ⓘ

Alternatives and complementary repositories for SysmonEoP

• nettitude / ETWHash
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆250Updated last year
• Wh04m1001 / CVE-2023-29343
  ☆159Updated last year
• Kudaes / Dumpy
  Reuse open handles to dynamically dump LSASS.
  ☆234Updated 7 months ago
• eladshamir / RPC-Backdoor
  A basic emulation of an "RPC Backdoor"
  ☆207Updated 2 years ago
• mdsecactivebreach / DragonCastle
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆292Updated 2 years ago
• smokeme / airstrike
  ☆154Updated 3 months ago
• evilashz / CheeseOunce
  Coerce Windows machines auth via MS-EVEN
  ☆153Updated 9 months ago
• Mr-Un1k0d3r / AMSI-ETW-Patch
  Patch AMSI and ETW
  ☆230Updated 6 months ago
• N4kedTurtle / PersistBOF
  A BOF to automate common persistence tasks for red teamers
  ☆267Updated last year
• waldo-irc / YouMayPasser
  You shall pass
  ☆248Updated 2 years ago
• decoder-it / ADCSCoercePotato
  ☆207Updated 6 months ago
• florylsk / SignatureGate
  Weaponized HellsGate/SigFlip
  ☆191Updated last year
• xpn / ntlmquic
  POC tools for exploring SMB over QUIC protocol
  ☆121Updated 2 years ago
• EspressoCake / DLL-Hijack-Search-Order-BOF
  DLL Hijack Search Order Enumeration BOF
  ☆141Updated 3 years ago
• nettitude / Tartarus-TpAllocInject
  ☆173Updated 11 months ago
• OmriBaso / RToolZ
  A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
  ☆313Updated last year
• wh0amitz / SharpRODC
  To audit the security of read-only domain controllers
  ☆113Updated 11 months ago
• WKL-Sec / dcomhijack
  Lateral Movement Using DCOM and DLL Hijacking
  ☆279Updated last year
• mandiant / ccmpwn
  ☆181Updated 7 months ago
• MzHmO / TGSThief
  My implementation of the GIUDA project in C++
  ☆155Updated last year
• nickvourd / COM-Hunter
  COM Hijacking VOODOO
  ☆257Updated 7 months ago
• wavvs / nanorobeus
  COFF file (BOF) for managing Kerberos tickets.
  ☆280Updated last year
• hrtywhy / BOF-CobaltStrike
  Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.
  ☆75Updated 2 years ago
• horizon3ai / backup_dc_registry
  A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY
  ☆77Updated 2 years ago
• G0ldenGunSec / GetWebDAVStatus
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆121Updated 8 months ago
• klezVirus / NimlineWhispers3
  A tool for converting SysWhispers3 syscalls for use with Nim projects
  ☆138Updated 2 years ago
• NUL0x4C / NoRunPI
  Run Your Payload Without Running Your Payload
  ☆176Updated 2 years ago
• pwnsauc3 / RWXfinder
  The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
  ☆94Updated last year
• praetorian-inc / ADFSRelay
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆173Updated 2 years ago