A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.
☆173Feb 19, 2025Updated last year
Alternatives and similar repositories for ketshash
Users that are interested in ketshash are comparing it to the libraries listed below
Sorting:
- Monitors for DCSYNC and DCSHADOW attacks and create custom Windows Events for these events.☆141Mar 7, 2018Updated 7 years ago
- Test Blue Team detections without running any attack.☆271May 2, 2024Updated last year
- Windows log and threat hunting with powershell☆16Dec 11, 2020Updated 5 years ago
- ntlm relay attack to Exchange Web Services☆334Jan 15, 2018Updated 8 years ago
- A script for advanced discovery of Privileged Accounts - includes Shadow Admins☆825Sep 9, 2019Updated 6 years ago
- A cobaltstrike script that integrates DDEAuto Attacks☆63Oct 17, 2017Updated 8 years ago
- Miscellaneous C-Sharp projects for red team activities☆24Aug 12, 2022Updated 3 years ago
- PowerShell Obfuscation Detection Framework☆750Dec 1, 2023Updated 2 years ago
- Various Cheat Sheets☆183Jun 24, 2021Updated 4 years ago
- SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over…☆383Aug 17, 2018Updated 7 years ago
- Perform various SMB-related attacks, particularly useful for testing large Active Directory environments.☆42Oct 15, 2022Updated 3 years ago
- ☆16Feb 26, 2018Updated 8 years ago
- alternative to procdump☆11May 26, 2021Updated 4 years ago
- PowerShell Empire Web Interface☆330May 20, 2023Updated 2 years ago
- Active Directory Assessment and Privilege Escalation Script☆1,132Dec 7, 2022Updated 3 years ago
- Powershell script for enumerating vulnerable DCOM Applications☆266Nov 30, 2018Updated 7 years ago
- PowerShell oneliner to retrieve wdigest passwords from the memory☆220Dec 11, 2017Updated 8 years ago
- ☆349Mar 19, 2021Updated 4 years ago
- Python / C# Unmanaged PowerShell based RAT☆771Mar 29, 2023Updated 2 years ago
- CScriptShell, a Powershell Host running within cscript.exe☆162Apr 11, 2017Updated 8 years ago
- c# implementation of Active Directory Integrated DNS dumping (authenticated user)☆205May 25, 2021Updated 4 years ago
- All materials from our Black Hat 2018 "Subverting Sysmon" talk☆135Aug 10, 2018Updated 7 years ago
- Exchange privilege escalations to Active Directory☆806Apr 23, 2023Updated 2 years ago
- Hide Mimikatz From Process Lists☆20Jul 10, 2015Updated 10 years ago
- initial commit☆174Jun 11, 2018Updated 7 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.☆47Jun 5, 2017Updated 8 years ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …☆842Jun 25, 2024Updated last year
- Windows Event Forwarding for Active Directory Security Logs☆29Jun 28, 2016Updated 9 years ago
- ☆182Feb 21, 2022Updated 4 years ago
- PowerShell Pass The Hash Utils☆1,722Dec 9, 2018Updated 7 years ago
- Asynchronous Password Spraying Tool in C# for Windows Environments☆316Dec 19, 2023Updated 2 years ago
- Smb Scanner from PingCastle☆125Apr 9, 2019Updated 6 years ago
- Powershell Empire Persistence finder☆119Jan 30, 2017Updated 9 years ago
- 安全狗sql注入绕过☆29Mar 21, 2018Updated 7 years ago
- goddi (go dump domain info) dumps Active Directory domain information☆429May 31, 2022Updated 3 years ago
- Perform a MitM attack and extract clear text credentials from RDP connections☆1,449Nov 20, 2025Updated 3 months ago
- Reverse Shell as a Service☆66Nov 9, 2020Updated 5 years ago
- Investigate malicious Windows logon by visualizing and analyzing Windows event log☆3,136Oct 19, 2025Updated 4 months ago
- Exfiltrate data with ICMP☆102Jan 31, 2018Updated 8 years ago