X-C3LL / SharpNTLMRawUnHide
C# version of NTLMRawUnHide
β71Updated last year
Related projects: β
- Enumerate information from NTLM authentication enabled web endpoints πβ34Updated last year
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjectionβ53Updated 2 years ago
- Click Once + App Domainβ61Updated 9 months ago
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flaggedβ86Updated 2 years ago
- β61Updated 2 years ago
- β65Updated this week
- β64Updated 5 months ago
- A .NET Runtime for Cobalt Strike's Beacon Object Filesβ57Updated 8 months ago
- Unchain AMSI by patching the providerβs unmonitored memory spaceβ87Updated last year
- Lockless BOFβ62Updated 7 months ago
- β87Updated 2 years ago
- A care package of useful bofs for red team engagmentsβ47Updated last year
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog postβ84Updated last year
- Section Mapping Process Injection (secinject): Cobalt Strike BOFβ87Updated 2 years ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.β60Updated last year
- Lateral Movement via the .NET Profilerβ74Updated 3 months ago
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback funcβ¦β81Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeysβ129Updated this week
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDRβ69Updated 7 months ago
- Windows Persistence Toolkit in C#β34Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files.β77Updated last year
- β81Updated 3 years ago
- Modified versions of the Cobalt Strike Process Injection Kitβ85Updated 7 months ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Calβ¦β49Updated last year
- Slide decks and/or materials from conference presentationsβ55Updated last year
- β35Updated 2 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows APIβ82Updated last year
- β68Updated last year
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it uselessβ39Updated 2 months ago
- Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attributeβ19Updated 3 months ago