Similar to PetitPotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged processes to access malicious pipes for exploitation.
☆49 · Jun 21, 2022 · Updated 3 years ago
Alternatives and similar repositories for magicNetdefs
Users who are interested in magicNetdefs are comparing it to the libraries listed below.
- ☆88 · Jul 31, 2022 · Updated 3 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS ☆187 · Jun 22, 2022 · Updated 3 years ago
- MS-FSRVP coercion abuse PoC ☆303 · Dec 30, 2021 · Updated 4 years ago
- Beacon Object File implementation of Event Viewer deserialization UAC bypass ☆133 · May 6, 2022 · Updated 3 years ago
- More examples using the Impacket library designed for learning purposes. ☆264 · Nov 4, 2022 · Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆90 · Dec 15, 2022 · Updated 3 years ago
- Patch AMSI and ETW ☆249 · May 8, 2024 · Updated last year
- A tool to find folders excluded from AV real-time scanning using a time oracle ☆233 · Feb 13, 2024 · Updated 2 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic ☆144 · Feb 23, 2022 · Updated 4 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆536 · Aug 1, 2022 · Updated 3 years ago
- ☆30 · Nov 7, 2022 · Updated 3 years ago
- Retrieve AD accounts description and search for password in it ☆82 · Jul 21, 2022 · Updated 3 years ago
- Another No-Fix LPE, NTLMRelay2Self over HTTP (Webdav). ☆418 · Jan 27, 2024 · Updated 2 years ago
- A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) wit… ☆590 · Jan 31, 2025 · Updated last year
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies ☆34 · Sep 15, 2022 · Updated 3 years ago
- A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0. ☆151 · Nov 21, 2021 · Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 · Nov 24, 2022 · Updated 3 years ago
- Dump NTDS with golden certificates and UnPAC the hash ☆647 · Mar 20, 2024 · Updated last year
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF. ☆143 · Sep 24, 2021 · Updated 4 years ago
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine. ☆132 · Oct 1, 2023 · Updated 2 years ago
- Nim Library for Offensive Security Development ☆197 · Sep 4, 2023 · Updated 2 years ago
- D/Invoke implementation in Nim ☆101 · Jun 8, 2022 · Updated 3 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2 ☆187 · Jul 21, 2022 · Updated 3 years ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory ☆398 · Aug 15, 2025 · Updated 6 months ago
- You shall pass ☆270 · Jul 16, 2022 · Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. ☆301 · Oct 26, 2022 · Updated 3 years ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. ☆20 · Jul 8, 2022 · Updated 3 years ago
- Repository for dirty scripts and PoCs ☆20 · Feb 18, 2025 · Updated last year
- ☆105 · Jul 31, 2024 · Updated last year
- A .NET XOR encrypted Cobalt Strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. ☆459 · Mar 25, 2024 · Updated last year
- In-memory token vault BOF for Cobalt Strike ☆149 · Aug 18, 2022 · Updated 3 years ago
- ☆383 · Jan 19, 2023 · Updated 3 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk ☆473 · Jul 6, 2024 · Updated last year
- ☆74 · Jun 17, 2025 · Updated 8 months ago
- Check for LDAP protections regarding the relay of NTLM authentication ☆531 · Nov 19, 2024 · Updated last year
- A Python based ingestor for BloodHound ☆85 · Sep 26, 2022 · Updated 3 years ago
- DLL Exports Extraction BOF with optional NTFS transactions. ☆90 · Nov 5, 2021 · Updated 4 years ago
- ☆159 · Feb 8, 2025 · Updated last year
- Lateral Movement Using DCOM and DLL Hijacking ☆325 · Jun 18, 2023 · Updated 2 years ago