Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading a C# port of ProxyBlob Agent.
☆143Feb 14, 2026Updated 3 weeks ago
Alternatives and similar repositories for ClickOnceBlobber
Users that are interested in ClickOnceBlobber are comparing it to the libraries listed below
Sorting:
- ☆48Dec 5, 2025Updated 3 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 10 months ago
- The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…☆171Sep 3, 2025Updated 6 months ago
- ☆19Sep 1, 2025Updated 6 months ago
- A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN☆105Jan 26, 2026Updated last month
- adws enumeration bof☆169Feb 16, 2026Updated 3 weeks ago
- Windows Access token manipulation tool made in C#☆24Aug 24, 2025Updated 6 months ago
- AppLocker-Based EDR Neutralization☆323Dec 19, 2025Updated 2 months ago
- ☆43Jun 1, 2025Updated 9 months ago
- CPL remote trigger☆43Dec 28, 2025Updated 2 months ago
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures — ideal for EDR testing, behavior-…☆25Jan 17, 2026Updated last month
- wtftp.py is a tool to attack Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).☆30Jan 22, 2026Updated last month
- A python script that automates a C2 Profile build☆48Dec 14, 2025Updated 2 months ago
- ☆65Mar 15, 2024Updated last year
- Commandline spoofing on Windows☆94Nov 25, 2025Updated 3 months ago
- SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.☆309Feb 16, 2026Updated 3 weeks ago
- Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions.☆23Feb 26, 2026Updated last week
- Windows Session Hijacking via COM☆339Dec 13, 2025Updated 2 months ago
- Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass☆117Jan 29, 2026Updated last month
- A C# implementation of dumping credentials from Windows Credential Manager☆62Sep 23, 2023Updated 2 years ago
- ☆124May 12, 2021Updated 4 years ago
- Custom Amsi Bypass by patching AmsiOpenSession function in amsi.dll☆50Jun 16, 2025Updated 8 months ago
- SVG Analysis and generation tools for commonly seen SVG attachment phishing☆55Sep 24, 2025Updated 5 months ago
- ☆232Jun 10, 2025Updated 8 months ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆11May 17, 2024Updated last year
- ☆19Dec 18, 2024Updated last year
- Cobalt Strike BOF☆43Dec 10, 2025Updated 2 months ago
- Leak NTLM via Website tab in teams via MS Office☆79Mar 28, 2024Updated last year
- ASPX Web Shell with COFF Loader☆79Updated this week
- COFF file (BOF) for managing Kerberos tickets.☆320Jul 2, 2023Updated 2 years ago
- Payload Generation Workflow☆40Jul 18, 2025Updated 7 months ago
- ☆42Dec 24, 2025Updated 2 months ago
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆167Nov 17, 2025Updated 3 months ago
- ☆138Nov 17, 2025Updated 3 months ago
- ☆30Aug 24, 2025Updated 6 months ago
- ☆147Nov 6, 2025Updated 4 months ago
- ☆94Jan 16, 2025Updated last year
- ☆41Feb 20, 2025Updated last year
- AAD related enumeration in Nim☆131Sep 7, 2023Updated 2 years ago