Analyzes AdminSDHolder permissions & compares with default baseline or a previous run, to detect potential backdoor/excessive persistent permission(s)
☆15Apr 8, 2025Updated 10 months ago
Alternatives and similar repositories for Invoke-AdminSDHolderPermissionCheck
Users that are interested in Invoke-AdminSDHolderPermissionCheck are comparing it to the libraries listed below
Sorting:
- ☆16Jun 15, 2025Updated 8 months ago
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …☆12Apr 21, 2025Updated 10 months ago
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆13Feb 4, 2024Updated 2 years ago
- Exploit Proof-of-Concept code for XAMPP v3.3.0 — '.ini' Buffer Overflow (Unicode + SEH)☆14Nov 1, 2023Updated 2 years ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- A C# Tool to gather information about email breaches☆16Dec 21, 2023Updated 2 years ago
- Toolkit of Projects to attack and evade Event Trace for Windows☆26Aug 28, 2025Updated 6 months ago
- Enumerate SSN (System Service Numbers or Syscall ID) and syscall instruction address in ntdll module by parsing the PEB of the current pr…☆21Jan 28, 2024Updated 2 years ago
- This extension enhances Burp Suite by adding several UI and functional features, making it more user-friendly.☆76Dec 17, 2024Updated last year
- ☆79Aug 2, 2023Updated 2 years ago
- just manipulatin these here tokens yes sir nothing weird☆22Apr 18, 2022Updated 3 years ago
- A utility that can be used to launch an executable with a DLL injected☆19Nov 20, 2023Updated 2 years ago
- PoC arbitrary WPM without a process handle☆20Jul 22, 2023Updated 2 years ago
- Tools for Attacking Pleasant Password Server☆22Sep 19, 2023Updated 2 years ago
- Yet Another Memory Analyzer for malware detection☆24Aug 4, 2023Updated 2 years ago
- Loading and executing shellcode in C# without PInvoke.☆22Jan 10, 2022Updated 4 years ago
- wsnet☆26Feb 19, 2026Updated last week
- modified mssqlclient from impacket to extract policies from the SCCM database☆44Feb 24, 2026Updated last week
- ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.☆52Jul 15, 2023Updated 2 years ago
- A system administration or post-exploitation script to automatically extract the bitlocker recovery keys from a domain.☆388Jan 20, 2026Updated last month
- Tool to obtain hash using MS-SNTP for user accounts☆29Jan 22, 2025Updated last year
- Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS.☆32Mar 8, 2025Updated 11 months ago
- Various PowerShell scripts that may be useful during red team exercise☆21Apr 28, 2022Updated 3 years ago
- A work in progress of constructing a minimal http(s) beacon for Cobalt Strike.☆27Apr 28, 2022Updated 3 years ago
- Items related to the RedELK workshop given at security conferences☆29Sep 28, 2023Updated 2 years ago
- Slides from out talk at BH IL 2022☆29Mar 21, 2022Updated 3 years ago
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i…☆29May 5, 2018Updated 7 years ago
- Microsoft Telnet Client MS-TNAP Server-Side Authentication Token Exploit☆63Feb 2, 2026Updated last month
- A Beacon Object File (BOF) implementation of the 'cat' command☆26Feb 11, 2023Updated 3 years ago
- ☆31Sep 23, 2022Updated 3 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- A command-line utility for auditing DNS configuration using Zonemaster API☆32Aug 21, 2023Updated 2 years ago
- Capture screenshots from .NET using .NET methods or Windows API calls☆66Mar 9, 2020Updated 5 years ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆35Oct 31, 2023Updated 2 years ago
- A C port of b33f's UrbanBishop☆38Oct 1, 2020Updated 5 years ago
- GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal…☆36Nov 24, 2024Updated last year
- Convert ldapdomaindump to Bloodhound☆80Dec 19, 2023Updated 2 years ago
- Finding SSL Blindspots for Red Teams☆34Jul 28, 2020Updated 5 years ago