PoC for dumping and decrypting cookies in the latest version of Microsoft Teams
☆131Nov 12, 2023Updated 2 years ago
Alternatives and similar repositories for teams_dump
Users that are interested in teams_dump are comparing it to the libraries listed below
Sorting:
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege☆225Nov 23, 2023Updated 2 years ago
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8☆351Aug 29, 2024Updated last year
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆465Aug 23, 2023Updated 2 years ago
- A collection of tools using OCR to extract potential usernames from RDP screenshots.☆30Apr 15, 2024Updated last year
- Escalate Service Account To LocalSystem via Kerberos☆403Sep 14, 2023Updated 2 years ago
- Ask a TGS on behalf of another user without password☆482Mar 30, 2025Updated 11 months ago
- A GUI wrapper inside of Havoc to interact with bloodhound CE☆70Feb 3, 2024Updated 2 years ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆267Apr 8, 2025Updated 11 months ago
- Quicky serve files over http or https using flask.☆35Jan 26, 2025Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 10 months ago
- Scan strings or files for malware using the Windows Antimalware Scan Interface☆30Mar 24, 2023Updated 2 years ago
- ☆132Dec 4, 2023Updated 2 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆779Jan 26, 2026Updated last month
- ☆92Aug 23, 2021Updated 4 years ago
- Tool to remotely dump secrets from the Windows registry☆522Feb 27, 2026Updated last week
- SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a…☆75May 3, 2024Updated last year
- NullSection is an Anti-Reversing tool that applies a technique that overwrites the section header with nullbytes.☆67Jan 20, 2024Updated 2 years ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆215Oct 19, 2024Updated last year
- ☆60Dec 15, 2023Updated 2 years ago
- A tool to generate a wordlist from the information present in LDAP, in order to crack passwords of domain accounts.☆372Sep 29, 2025Updated 5 months ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆435Dec 21, 2023Updated 2 years ago
- Decrypt Veeam database passwords☆222Dec 8, 2025Updated 3 months ago
- A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or B…☆26Feb 29, 2024Updated 2 years ago
- PoC demonstrating a multi process injection chain aimed at remotely executing shellcode☆259Jan 21, 2024Updated 2 years ago
- Abusing Azure services over C2☆367Jan 20, 2026Updated last month
- A lexer and parser for Sleep☆20Feb 20, 2026Updated 2 weeks ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆150May 3, 2024Updated last year
- This repository implements Threadless Injection in C☆172Dec 23, 2023Updated 2 years ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆360Dec 13, 2025Updated 2 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆317Aug 31, 2023Updated 2 years ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆145Feb 1, 2026Updated last month
- DPAPI looting remotely and locally in Python☆542Oct 7, 2025Updated 5 months ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.☆569Jan 20, 2026Updated last month
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- Abuse leaked token handles.☆136Dec 14, 2023Updated 2 years ago
- payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter☆112Jan 12, 2024Updated 2 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆158Nov 7, 2023Updated 2 years ago
- Kill AV/EDR leveraging BYOVD attack☆394Jul 11, 2023Updated 2 years ago
- Local & remote Windows DLL Proxying☆169Jun 17, 2024Updated last year