☆120May 29, 2025Updated 9 months ago
Alternatives and similar repositories for badsuccessor
Users that are interested in badsuccessor are comparing it to the libraries listed below
Sorting:
- ☆241May 19, 2025Updated 9 months ago
- SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.☆391Sep 26, 2025Updated 5 months ago
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD☆49Mar 10, 2025Updated 11 months ago
- Permanently disable EDRs as local admin☆127Dec 19, 2025Updated 2 months ago
- ☆198Mar 28, 2025Updated 11 months ago
- ☆159Apr 4, 2025Updated 11 months ago
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- Azure Post Exploitation Framework☆244Oct 27, 2025Updated 4 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆261Nov 22, 2025Updated 3 months ago
- Local SYSTEM auth trigger for relaying☆169Jul 22, 2025Updated 7 months ago
- Mythic C2 Agent written in x64 PIC C☆85Jan 29, 2025Updated last year
- Timeroasting scripts by Tom Tervoort☆387Nov 11, 2025Updated 3 months ago
- Generate and Manage KeyCredentialLinks☆248Jan 30, 2026Updated last month
- A Kerberos AP-REQ hijacking tool with DNS unsecure updates abuse.☆137Jan 22, 2025Updated last year
- ☆234Oct 8, 2024Updated last year
- Weaponizing DCOM for NTLM Authentication Coercions☆275Jul 1, 2025Updated 8 months ago
- Group Policy Objects manipulation and exploitation framework☆292Dec 7, 2025Updated 2 months ago
- ☆20Sep 6, 2025Updated 6 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆266Apr 8, 2025Updated 10 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆215Oct 19, 2024Updated last year
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning☆154Nov 2, 2025Updated 4 months ago
- Execute commands in other Sessions☆91Jul 29, 2024Updated last year
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆400Jul 23, 2025Updated 7 months ago
- This is my starred repositories including the description for each tool. Makes search/filter over them easier.☆61Feb 26, 2025Updated last year
- ☆96Aug 3, 2025Updated 7 months ago
- A PoC for Early Cascade process injection technique.☆211Jan 30, 2025Updated last year
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated 11 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆211Jun 10, 2024Updated last year
- ☆53Sep 23, 2025Updated 5 months ago
- A simple research-focused AES-based shellcode loader demonstrating in-memory execution and NTAPI techniques to help understand how custom…☆38Feb 19, 2026Updated 2 weeks ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆13Jul 16, 2025Updated 7 months ago
- Supporting PoCs and scripts for my talk "OverLAPS: Overriding LAPS Logic"☆22Oct 12, 2025Updated 4 months ago
- Web File Manager☆11Aug 21, 2025Updated 6 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆384Apr 26, 2025Updated 10 months ago
- .NET port of Leron Gray's azbelt tool.☆26Sep 21, 2023Updated 2 years ago
- A Python POC for CRED1 over SOCKS5☆165Oct 5, 2024Updated last year
- Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testin…☆162Jun 19, 2025Updated 8 months ago
- ☆224Oct 22, 2023Updated 2 years ago