A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.
☆145 · Updated this week
Alternatives and similar repositories for lsawhisper-bof
Users that are interested in lsawhisper-bof are comparing it to the libraries listed below
- Python and BOF utilities to determine the EPA enforcement levels of popular NTLM relay targets from the offensive perspective ☆166 · Jan 12, 2026 · Updated last month
- Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering. ☆149 · Nov 28, 2025 · Updated 3 months ago
- BYOVD: Use 360 WFP driver to block EDR/XDR network connection. ☆98 · Feb 10, 2026 · Updated 2 weeks ago
- ☆139 · Jan 16, 2025 · Updated last year
- ☆138 · Nov 17, 2025 · Updated 3 months ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and … ☆334 · Mar 6, 2025 · Updated 11 months ago
- The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie… ☆172 · Sep 3, 2025 · Updated 5 months ago
- Reaping treasures from strings in remote processes memory ☆285 · Feb 8, 2025 · Updated last year
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim. ☆258 · Updated this week
- A BOF that runs unmanaged PEs inline ☆680 · Oct 23, 2024 · Updated last year
- ☆51 · Jun 28, 2025 · Updated 7 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts. ☆261 · Feb 21, 2025 · Updated last year
- ☆39 · Nov 25, 2025 · Updated 3 months ago
- Implant drop-in for EDR testing ☆147 · Nov 15, 2023 · Updated 2 years ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, p… ☆199 · Dec 30, 2025 · Updated last month
- Lateral Movement Bof with MSI ODBC Driver Install ☆144 · Sep 30, 2025 · Updated 4 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions ☆346 · Nov 19, 2024 · Updated last year
- ForsHops ☆152 · Mar 25, 2025 · Updated 11 months ago
- Tool for viewing NTDS.dit ☆192 · Mar 14, 2025 · Updated 11 months ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai… ☆275 · Dec 27, 2024 · Updated last year
- SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication. ☆309 · Feb 16, 2026 · Updated last week
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆195 · Feb 6, 2025 · Updated last year
- gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory env… ☆331 · Jan 14, 2026 · Updated last month
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll ☆136 · Apr 18, 2025 · Updated 10 months ago
- One WSL BOF to rule them all ☆152 · Jan 14, 2026 · Updated last month
- ☆235 · Oct 8, 2024 · Updated last year
- adws enumeration bof ☆167 · Feb 16, 2026 · Updated last week
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques. ☆101 · Jan 26, 2026 · Updated last month
- Tool for requesting Entra ID's P2P certificate and authenticating to remote Entra joined devices with it ☆131 · Aug 23, 2025 · Updated 6 months ago
- Weaponizing DCOM for NTLM Authentication Coercions ☆275 · Jul 1, 2025 · Updated 7 months ago
- Python utility that generates "imageless" QR codes in various formats ☆137 · Aug 10, 2024 · Updated last year
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus). ☆546 · Nov 23, 2025 · Updated 3 months ago
- Regex based secret scanner for sccm deployment points sccmcontentlib$ shares. Find secrets automatically and download entire packages for… ☆18 · Aug 13, 2025 · Updated 6 months ago
- Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f… ☆325 · Oct 20, 2025 · Updated 4 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal … ☆89 · Jan 2, 2026 · Updated last month
- Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly. ☆190 · Feb 16, 2026 · Updated last week
- psexecsvc - a python implementation of PSExec's native service implementation ☆237 · Feb 11, 2025 · Updated last year
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework ☆638 · May 8, 2025 · Updated 9 months ago
- AI-based Ludus range configuration builder ☆29 · May 6, 2025 · Updated 9 months ago