dfirfpi / dpapilab
Windows DPAPI laboratory
☆85Updated 6 years ago
Related projects: ⓘ
- DPAPI offline decryption utility☆67Updated last year
- A repository of some of my Windows 10 Device Guard Bypasses☆133Updated 7 years ago
- A one-click tool to inject jobs into the BITS queue (Background Intelligent Transfer Service), allowing arbitrary program execution as th…☆98Updated 5 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files)☆104Updated 3 years ago
- PoC dlls for Task Scheduler COM Hijacking☆89Updated 8 years ago
- ☆85Updated this week
- DLL Password Filter Implant with Exfiltration Capabilities☆133Updated 4 years ago
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.☆92Updated 6 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's s…☆102Updated 7 years ago
- A "tiny" meterpreter stager☆127Updated 5 years ago
- In case you didn't now how to restore the user password after a password reset (get the previous hash with DCSync)☆161Updated 7 years ago
- A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics☆85Updated 6 years ago
- ☆230Updated 6 years ago
- PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.☆147Updated 5 years ago
- ☆135Updated this week
- ☆76Updated this week
- ☆51Updated 6 years ago
- Portable utility to execute in memory a sequence of opcodes☆17Updated 8 years ago
- All the Power with no Shell☆36Updated 2 years ago
- This is a Python port of lnk-parse-1.0, a tool to parse Windows .lnk files.☆76Updated last year
- ☆162Updated 9 years ago
- Offensive Data Storage☆55Updated 8 years ago
- InsecurePowerShell is PowerShell with some security features removed.☆102Updated 6 years ago
- ☆63Updated this week
- ☆78Updated 8 years ago
- Loads the AutoIt DLL and PowerShell assemblies into memory and executes the specified keystrokes☆60Updated 7 years ago
- UAC Bypass with mmc via alpc☆155Updated 5 years ago
- POSHSPY backdoor code☆43Updated 7 years ago
- Reflective Polymorphism☆104Updated 6 years ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses☆114Updated 7 years ago