Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged processes to access malicious pipes for exploitation
☆49Jun 21, 2022Updated 3 years ago
Alternatives and similar repositories for magicNetdefs
Users that are interested in magicNetdefs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆88Jul 31, 2022Updated 3 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS☆188Jun 22, 2022Updated 3 years ago
- MS-FSRVP coercion abuse PoC☆302Dec 30, 2021Updated 4 years ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- Beacon Object File implementation of Event Viewer deserialization UAC bypass☆133May 6, 2022Updated 3 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆535Aug 1, 2022Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆91Dec 15, 2022Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆144Feb 23, 2022Updated 4 years ago
- A tool to find folders excluded from AV real-time scanning using a time oracle☆233Feb 13, 2024Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Patch AMSI and ETW☆252May 8, 2024Updated last year
- More examples using the Impacket library designed for learning purposes.☆266Nov 4, 2022Updated 3 years ago
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.☆133Oct 1, 2023Updated 2 years ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆419Jan 27, 2024Updated 2 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- ☆30Nov 7, 2022Updated 3 years ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory☆402Aug 15, 2025Updated 8 months ago
- In-memory token vault BOF for Cobalt Strike☆150Aug 18, 2022Updated 3 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- Automated Persistence and Lateral Movement using GCP Patch Management☆16Aug 11, 2022Updated 3 years ago
- A BOF port of the research of @thefLinkk and @codewhitesec☆103Oct 12, 2021Updated 4 years ago
- ☆75Jun 17, 2025Updated 10 months ago
- Retrieve AD accounts description and search for password in it☆81Jul 21, 2022Updated 3 years ago
- Dump NTDS with golden certificates and UnPAC the hash☆648Mar 20, 2024Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) wit…☆598Jan 31, 2025Updated last year
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆186Jul 21, 2022Updated 3 years ago
- Check for LDAP protections regarding the relay of NTLM authentication☆531Nov 19, 2024Updated last year
- DLL Exports Extraction BOF with optional NTFS transactions.☆90Nov 5, 2021Updated 4 years ago
- Repository for dirty scripts and PoCs☆20Feb 18, 2025Updated last year
- A Combination LSASS Dumper and LSASS Parser. All Credit goes to @slyd0g and @cube0x0.☆150Nov 21, 2021Updated 4 years ago
- .NET Project for Attacking vCenter☆559Nov 11, 2021Updated 4 years ago
- Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3☆81Jun 1, 2022Updated 3 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- D/Invoke implementation in Nim☆100Jun 8, 2022Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆303Oct 26, 2022Updated 3 years ago
- Pass the Hash to a named pipe for token Impersonation☆310Nov 29, 2023Updated 2 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- ☆181Feb 3, 2021Updated 5 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆476Jul 6, 2024Updated last year
- Coerce Windows machines auth via MS-EVEN☆174Jan 17, 2024Updated 2 years ago