ad0nis/ntlm_relay_gat

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ad0nis/ntlm_relay_gat)

ad0nis / ntlm_relay_gat

☆168

Alternatives and similar repositories for ntlm_relay_gat

Users that are interested in ntlm_relay_gat are comparing it to the libraries listed below

Sorting:

itaymigdal / LOLSpoof
View on GitHub
An interactive shell to spoof some LOLBins command line
☆188Jan 27, 2024Updated 2 years ago
mlcsec / proctools
View on GitHub
Small toolkit for extracting information and dumping sensitive strings from Windows processes
☆117Jul 17, 2024Updated last year
decoder-it / DFSCoerce-exe-2
View on GitHub
DFSCoerce exe revisited version with custom authentication
☆42Jan 13, 2024Updated 2 years ago
synacktiv / GPOddity
View on GitHub
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
☆360Dec 13, 2025Updated 2 months ago
Slowerzs / ThievingFox
View on GitHub
☆568Mar 28, 2024Updated last year
p0dalirius / pyLDAPWordlistHarvester
View on GitHub
A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.
☆372Sep 29, 2025Updated 5 months ago
sokaRepo / CoercedPotatoRDLL
View on GitHub
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
☆225Nov 23, 2023Updated 2 years ago
FalconForceTeam / SOAPHound
View on GitHub
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
☆863Feb 3, 2024Updated 2 years ago
CICADA8-Research / RemoteKrbRelay
View on GitHub
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
☆638May 8, 2025Updated 10 months ago
jfjallid / go-secdump
View on GitHub
Tool to remotely dump secrets from the Windows registry
☆522Feb 27, 2026Updated last week
MWR-CyberSec / AD-CS-Forest-Exploiter
View on GitHub
Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise
☆129Dec 2, 2023Updated 2 years ago
grimlockx / ADCSKiller
View on GitHub
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
☆740May 19, 2023Updated 2 years ago
fin3ss3g0d / NativeThreadpool
View on GitHub
Work, timer, and wait callback example using solely Native Windows APIs.
☆88Feb 11, 2024Updated 2 years ago
huntandhackett / PassiveAggression
View on GitHub
Source code and examples for PassiveAggression
☆64Jun 6, 2024Updated last year
Malcrove / SeamlessPass
View on GitHub
A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
☆237Aug 25, 2024Updated last year
decoder-it / ADCSCoercePotato
View on GitHub
☆242May 5, 2024Updated last year
RePRGM / Nimperiments
View on GitHub
Various one-off pentesting projects written in Nim. Updates happen on a whim.
☆160Jul 14, 2025Updated 7 months ago
logangoins / Cable
View on GitHub
.NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
☆399Jul 23, 2025Updated 7 months ago
JPG0mez / ADCSync
View on GitHub
Use ESC1 to perform a makeshift DCSync and dump hashes
☆210Nov 2, 2023Updated 2 years ago
danti1988 / adcshunter
View on GitHub
Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.
☆82Sep 13, 2024Updated last year
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 10 months ago
CyberSecurityN00b / shellfeck
View on GitHub
A BrainF*ck Inspired Shell Obfuscation Proof-of-Concept
☆16Mar 11, 2024Updated last year
synacktiv / SCCMSecrets
View on GitHub
SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.
☆261Nov 22, 2025Updated 3 months ago
decoder-it / TokenStealer
View on GitHub
☆163Oct 25, 2023Updated 2 years ago
icyguider / UAC-BOF-Bonanza
View on GitHub
Collection of UAC Bypass Techniques Weaponized as BOFs
☆609Feb 21, 2024Updated 2 years ago
dmcxblue / SharpGhostTask
View on GitHub
A C# port from Invoke-GhostTask
☆120Jan 5, 2024Updated 2 years ago
foxlox / GIUDA
View on GitHub
Ask a TGS on behalf of another user without password
☆482Mar 30, 2025Updated 11 months ago
ricardojoserf / TrickDump
View on GitHub
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
☆539May 9, 2025Updated 10 months ago
zblurx / certsync
View on GitHub
Dump NTDS with golden certificates and UnPAC the hash
☆647Mar 20, 2024Updated last year
mlcsec / EDRenum-BOF
View on GitHub
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
☆129Oct 4, 2024Updated last year
LuemmelSec / APEX
View on GitHub
Azure Post Exploitation Framework
☆244Oct 27, 2025Updated 4 months ago
Xre0uS / MultiDump
View on GitHub
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
☆538Nov 14, 2025Updated 3 months ago
florylsk / ExecIT
View on GitHub
Execute shellcode files with rundll32
☆217Jan 28, 2024Updated 2 years ago
wh0amitz / S4UTomato
View on GitHub
Escalate Service Account To LocalSystem via Kerberos
☆403Sep 14, 2023Updated 2 years ago
redrays-io / SAP-Penetration-Testing
View on GitHub
SAP Penetration Testing: A Comprehensive Analysis of SAP Security Issues
☆41Nov 23, 2023Updated 2 years ago
trustedsec / orpheus
View on GitHub
Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types
☆412Mar 21, 2025Updated 11 months ago
login-securite / conpass
View on GitHub
Continuous password spraying tool
☆201Dec 4, 2025Updated 3 months ago
MalwareTech / EDR-Preloader
View on GitHub
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
☆541Feb 13, 2024Updated 2 years ago
mertdas / SharpLateral
View on GitHub
Lateral Movement
☆126Nov 14, 2023Updated 2 years ago