evilashz/CheeseOunce external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

evilashz/CheeseOunce

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/evilashz/CheeseOunce)

Close

evilashz / CheeseOunceView on GitHubMore

• External links
• Readme badge

Coerce Windows machines auth via MS-EVEN

☆174Jan 17, 2024Updated 2 years ago

Alternatives and similar repositories for CheeseOunce

Users that are interested in CheeseOunce are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• cube0x0 / LdapSignCheck

  View on GitHub
  Beacon Object File & C# project to check LDAP signing
  ☆199Aug 7, 2024Updated last year
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆302Dec 30, 2021Updated 4 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• soufianetahiri / CitrixSecureAccessAuthCookieDump

  View on GitHub
  Dump Citrix Secure Access auth cookie from the process memory
  ☆76Jun 24, 2022Updated 3 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆320Jul 2, 2023Updated 2 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• nettitude / MalSCCM

  View on GitHub
  ☆254Sep 28, 2023Updated 2 years ago
• Hackndo / WebclientServiceScanner

  View on GitHub
  Python tool to Check running WebClient services on multiple targets based on @leechristensen
  ☆289Aug 18, 2021Updated 4 years ago
• G0ldenGunSec / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆143Mar 9, 2024Updated 2 years ago
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆686Aug 20, 2025Updated 7 months ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆530Nov 19, 2024Updated last year
• MartinIngesen / TokenStomp

  View on GitHub
  C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
  ☆144Feb 23, 2022Updated 4 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆303Oct 26, 2022Updated 3 years ago
• mpgn / BackupOperatorToDA

  View on GitHub
  From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
  ☆442Jan 4, 2025Updated last year
• Z4kSec / Masky

  View on GitHub
  Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory
  ☆399Aug 15, 2025Updated 7 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆715Mar 4, 2023Updated 3 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• zcgonvh / DCOMPotato

  View on GitHub
  Some Service DCOM Object and SeImpersonatePrivilege abuse.
  ☆372Dec 9, 2022Updated 3 years ago
• klezVirus / SharpLdapRelayScan

  View on GitHub
  C# Port of LdapRelayScan
  ☆91Nov 26, 2025Updated 4 months ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆418Jan 27, 2024Updated 2 years ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆580Apr 25, 2023Updated 2 years ago
• wotwot563 / aad_prt_bof

  View on GitHub
  ☆160Apr 17, 2024Updated last year
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆473Jul 6, 2024Updated last year
• pkb1s / SharpRelay

  View on GitHub
  ☆181Feb 3, 2021Updated 5 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• ceramicskate0 / SharpExchange

  View on GitHub
  C# Tool to interact with MS Exchange based on MS docs
  ☆102Dec 7, 2022Updated 3 years ago
• Wh04m1001 / DFSCoerce

  View on GitHub
  ☆832Sep 9, 2022Updated 3 years ago
• xpn / WAMBam

  View on GitHub
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆131Jan 14, 2023Updated 3 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆174Aug 1, 2022Updated 3 years ago
• fortalice / modifyCertTemplate

  View on GitHub
  ADCS cert template modification and ACL enumeration
  ☆143Jun 26, 2023Updated 2 years ago
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆524May 15, 2024Updated last year
• wh0amitz / S4UTomato

  View on GitHub
  Escalate Service Account To LocalSystem via Kerberos
  ☆403Sep 14, 2023Updated 2 years ago
• mdsecactivebreach / Farmer

  View on GitHub
  ☆418Apr 28, 2021Updated 4 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,009Jun 4, 2024Updated last year
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• CodeXTF2 / WindowSpy

  View on GitHub
  WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
  ☆282Feb 24, 2025Updated last year
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆258May 10, 2023Updated 2 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆95Mar 8, 2023Updated 3 years ago
• tothi / serviceDetector

  View on GitHub
  Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…
  ☆237Sep 3, 2023Updated 2 years ago
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆304Sep 7, 2023Updated 2 years ago
• netero1010 / ServiceMove-BOF

  View on GitHub
  New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
  ☆301Feb 23, 2022Updated 4 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago