Tool to extract powerful tokens from Office desktop apps memory
☆74Mar 1, 2024Updated 2 years ago
Alternatives and similar repositories for TokenFinder
Users that are interested in TokenFinder are comparing it to the libraries listed below
Sorting:
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆53Dec 21, 2021Updated 4 years ago
- This repo hosts a poc of how to execute F# code within an unmanaged process☆70Jun 25, 2024Updated last year
- ☆130Dec 4, 2023Updated 2 years ago
- DLL Exports Extraction BOF with optional NTFS transactions.☆90Nov 5, 2021Updated 4 years ago
- PoC for dumping and decrypting cookies in the latest version of Microsoft Teams☆131Nov 12, 2023Updated 2 years ago
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 3 years ago
- A simple proof of concept for detecting use of Cobalt Strike's execute-assembly☆59Apr 1, 2022Updated 3 years ago
- Patch AMSI and ETW☆249May 8, 2024Updated last year
- Strstr with user-supplied needle and filename as a BOF.☆32Sep 27, 2021Updated 4 years ago
- airCross is a tool that takes advantage of API functionality within VMWare's AirWatch MDM solution to perform single-factor authenticatio…☆47Jul 19, 2022Updated 3 years ago
- ☆78Oct 18, 2022Updated 3 years ago
- AAD related enumeration in Nim☆132Sep 7, 2023Updated 2 years ago
- Escalate Service Account To LocalSystem via Kerberos☆403Sep 14, 2023Updated 2 years ago
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- ☆101Aug 23, 2021Updated 4 years ago
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated 2 years ago
- Ask a TGS on behalf of another user without password☆482Mar 30, 2025Updated 11 months ago
- A tool to exchange decryption keys for command and control (C2) beacons and implants through DNS records.☆40Jan 7, 2023Updated 3 years ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆108Sep 22, 2023Updated 2 years ago
- Finds imports that could be exploited, still requires manual analysis.☆29Nov 9, 2022Updated 3 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆87Apr 11, 2023Updated 2 years ago
- ☆319Jun 28, 2023Updated 2 years ago
- Inspired by gowitness and EyeWitness☆15Mar 11, 2025Updated 11 months ago
- A variation CredBandit that uses compression to reduce the size of the data that must be trasnmitted.☆19Jun 24, 2021Updated 4 years ago
- Weaponized HellsGate/SigFlip☆203Jun 7, 2023Updated 2 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆130Jan 14, 2023Updated 3 years ago
- Timestomping module: overwrite file create/modify times in .NET (no pinvoke)☆27Dec 13, 2021Updated 4 years ago
- A User Impersonation tool - via Token or Shellcode injection☆421May 21, 2022Updated 3 years ago
- Set of python scripts which perform different ways of command execution via WMI protocol.☆165Jun 29, 2023Updated 2 years ago
- Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types☆412Mar 21, 2025Updated 11 months ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- ☆70Oct 30, 2023Updated 2 years ago
- C# version of NTLMRawUnHide☆72Oct 8, 2022Updated 3 years ago
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM☆20Jul 19, 2025Updated 7 months ago
- Enumerate Domain Data☆336Sep 13, 2023Updated 2 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- A more reliable way of resolving syscall numbers in Windows☆55Feb 12, 2024Updated 2 years ago
- Dump objects from .NET dumps.☆51Apr 19, 2022Updated 3 years ago