PoC for CVE-2021-36934, which enables a standard user to retrieve the SAM, Security, and Software registry hives in Windows 10 version 1809 or newer
☆35 · Sep 24, 2022 · Updated 3 years ago
Alternatives and similar repositories for Invoke-HiveNightmare
Users that are interested in Invoke-HiveNightmare are comparing it to the libraries listed below.
- BOF to terminate a process via PID as argument ☆28 · Sep 7, 2025 · Updated 9 months ago
- Switch to JuicyPotato! https://github.com/decoder-it/juicy-potato ☆12 · Feb 8, 2020 · Updated 6 years ago
- Beacon Object File implementation of Yaxser's Backstab ☆15 · Mar 9, 2022 · Updated 4 years ago
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine. ☆133 · Oct 1, 2023 · Updated 2 years ago
- A BOF tool that can be used to collect passwords using CredUIPromptForWindowsCredentialsName. ☆16 · Jun 16, 2022 · Updated 3 years ago
- VisualStudio port of https://github.com/guervild/BOFs/tree/dev/SilentLsassDump ☆22 · Jul 6, 2023 · Updated 2 years ago
- Generate malicious files using recently published homoglyphic-attack (CVE-2021-42694) ☆18 · May 2, 2026 · Updated last month
- Halos Gate-based NTAPI Unhooker ☆52 · Apr 21, 2022 · Updated 4 years ago
- Python3 tool to perform password spraying using RDP ☆17 · Aug 14, 2023 · Updated 2 years ago
- A powershell script that performs reflective parent process ID (PPID) spoofing and process hollowing to evade Windows Defender ☆11 · Feb 17, 2023 · Updated 3 years ago
- Docker container escape enumeration tool. ☆12 · Jan 23, 2021 · Updated 5 years ago
- Password attacks and MFA validation against various endpoints in Azure and Office 365 ☆151 · Feb 10, 2023 · Updated 3 years ago
- PoC: process watcher patterns to make killing a process hard. ☆11 · Aug 1, 2018 · Updated 7 years ago
- Library of BOFs to interact with SQL servers ☆16 · Dec 6, 2024 · Updated last year
- ADFS Brute-Force Login Script ☆10 · Mar 19, 2024 · Updated 2 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching. ☆219 · May 3, 2023 · Updated 3 years ago
- Tutorial covering how to discover DLLs for Hijacking and how to create proxy DLLS using Microsoft Teams as an example ☆16 · Apr 7, 2021 · Updated 5 years ago
- Out-of-the-Box Tool to Obfuscate Excel XLS. Include Obfuscation & Hide for Cell Labels & BoundSheets ☆47 · Aug 4, 2021 · Updated 4 years ago
- A little scanner to check the LDAP Signing state ☆46 · Aug 2, 2021 · Updated 4 years ago
- dcsync bof ☆52 · Feb 13, 2026 · Updated 4 months ago
- ☆16 · Jun 16, 2021 · Updated 4 years ago
- Collection of things I've written on pentests to make life easier. ☆16 · Mar 14, 2019 · Updated 7 years ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe… ☆44 · Apr 6, 2025 · Updated last year
- Filesystem interaction via firebeam virtual machine execution ☆54 · Mar 26, 2026 · Updated 2 months ago
- PIC lsass dumper using cloned handles ☆594 · Oct 18, 2022 · Updated 3 years ago
- One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html ☆417 · Nov 10, 2024 · Updated last year
- PIC code gen and loading ☆13 · Jul 25, 2017 · Updated 8 years ago
- A BOF for enumerating version information for DLLs associated for a Beacon process. ☆16 · Nov 23, 2021 · Updated 4 years ago
- AIDA64DRIVER Elevation of Privilege Vulnerability ☆17 · Oct 25, 2024 · Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆91 · Dec 15, 2022 · Updated 3 years ago
- Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types ☆421 · Mar 21, 2025 · Updated last year
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) ☆319 · Nov 9, 2021 · Updated 4 years ago
- DAFT: Database Audit Framework & Toolkit ☆184 · Aug 11, 2021 · Updated 4 years ago
- Scripts for public use that we've randomly written, or have updated from other people's work. ☆40 · Jun 25, 2024 · Updated last year
- Ruby On Rails unrestricted render() exploit ☆16 · Feb 9, 2018 · Updated 8 years ago
- A parser to extract information from .nessus file format ☆23 · Mar 26, 2021 · Updated 5 years ago
- Pass the Hash to a named pipe for token Impersonation ☆310 · Nov 29, 2023 · Updated 2 years ago
- MS-FSRVP coercion abuse PoC ☆302 · Dec 30, 2021 · Updated 4 years ago
- Building ActiveDirectory Lab for practicing various attack vectors used during Red Team engagement. ☆38 · Feb 16, 2020 · Updated 6 years ago