Similar to PetitPotam: the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged processes to access malicious pipes for exploitation.
☆49 · Jun 21, 2022 · Updated 3 years ago
Alternatives and similar repositories for magicNetdefs
Users that are interested in magicNetdefs are comparing it to the libraries listed below
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS ☆186 · Jun 22, 2022 · Updated 3 years ago
- MS-FSRVP coercion abuse PoC ☆302 · Dec 30, 2021 · Updated 4 years ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. ☆20 · Jul 8, 2022 · Updated 3 years ago
- Beacon Object File implementation of Event Viewer deserialization UAC bypass ☆133 · May 6, 2022 · Updated 3 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆535 · Aug 1, 2022 · Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆90 · Dec 15, 2022 · Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic ☆144 · Feb 23, 2022 · Updated 4 years ago
- A tool to find folders excluded from AV real-time scanning using a time oracle ☆233 · Feb 13, 2024 · Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 · Nov 24, 2022 · Updated 3 years ago
- Patch AMSI and ETW ☆250 · May 8, 2024 · Updated last year
- More examples using the Impacket library designed for learning purposes. ☆264 · Nov 4, 2022 · Updated 3 years ago
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine. ☆133 · Oct 1, 2023 · Updated 2 years ago
- Another No-Fix LPE, NTLMRelay2Self over HTTP (Webdav). ☆418 · Jan 27, 2024 · Updated 2 years ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory ☆399 · Aug 15, 2025 · Updated 7 months ago
- In-memory token vault BOF for Cobalt Strike ☆149 · Aug 18, 2022 · Updated 3 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF. ☆143 · Sep 24, 2021 · Updated 4 years ago
- Automated Persistence and Lateral Movement using GCP Patch Management ☆16 · Aug 11, 2022 · Updated 3 years ago
- A BOF port of the research of @thefLinkk and @codewhitesec ☆100 · Oct 12, 2021 · Updated 4 years ago
- Retrieve AD accounts description and search for password in it ☆82 · Jul 21, 2022 · Updated 3 years ago
- Dump NTDS with golden certificates and UnPAC the hash ☆647 · Mar 20, 2024 · Updated 2 years ago
- A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) wit… ☆596 · Jan 31, 2025 · Updated last year
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2 ☆186 · Jul 21, 2022 · Updated 3 years ago
- Check for LDAP protections regarding the relay of NTLM authentication ☆530 · Nov 19, 2024 · Updated last year
- DLL Exports Extraction BOF with optional NTFS transactions. ☆90 · Nov 5, 2021 · Updated 4 years ago
- Repository for dirty scripts and PoCs ☆20 · Feb 18, 2025 · Updated last year
- A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0. ☆151 · Nov 21, 2021 · Updated 4 years ago
- .NET Project for Attacking vCenter ☆553 · Nov 11, 2021 · Updated 4 years ago
- Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3 ☆81 · Jun 1, 2022 · Updated 3 years ago
- You shall pass ☆270 · Jul 16, 2022 · Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process. ☆301 · Oct 26, 2022 · Updated 3 years ago
- D/Invoke implementation in Nim ☆100 · Jun 8, 2022 · Updated 3 years ago
- Pass the Hash to a named pipe for token Impersonation ☆311 · Nov 29, 2023 · Updated 2 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk ☆473 · Jul 6, 2024 · Updated last year
- A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. ☆458 · Mar 25, 2024 · Updated last year