evilashz/CheeseOunce external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

evilashz/CheeseOunce

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/evilashz/CheeseOunce)

Close

evilashz / CheeseOunceView on GitHubMore

• External links
• Readme badge

Coerce Windows machines auth via MS-EVEN

☆175Jan 17, 2024Updated 2 years ago

Alternatives and similar repositories for CheeseOunce

Users that are interested in CheeseOunce are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• cube0x0 / LdapSignCheck

  View on GitHub
  Beacon Object File & C# project to check LDAP signing
  ☆201Aug 7, 2024Updated last year
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆302Dec 30, 2021Updated 4 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• soufianetahiri / CitrixSecureAccessAuthCookieDump

  View on GitHub
  Dump Citrix Secure Access auth cookie from the process memory
  ☆76Jun 24, 2022Updated 3 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆326Jul 2, 2023Updated 2 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• nettitude / MalSCCM

  View on GitHub
  ☆254Sep 28, 2023Updated 2 years ago
• Hackndo / WebclientServiceScanner

  View on GitHub
  Python tool to Check running WebClient services on multiple targets based on @leechristensen
  ☆293Aug 18, 2021Updated 4 years ago
• G0ldenGunSec / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆147Mar 9, 2024Updated 2 years ago
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆697Mar 30, 2026Updated 2 months ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆532Nov 19, 2024Updated last year
• MartinIngesen / TokenStomp

  View on GitHub
  C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
  ☆143Feb 23, 2022Updated 4 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆302Oct 26, 2022Updated 3 years ago
• mpgn / BackupOperatorToDA

  View on GitHub
  From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
  ☆445Jan 4, 2025Updated last year
• Z4kSec / Masky

  View on GitHub
  Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory
  ☆405Aug 15, 2025Updated 9 months ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆723Mar 4, 2023Updated 3 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• zcgonvh / DCOMPotato

  View on GitHub
  Some Service DCOM Object and SeImpersonatePrivilege abuse.
  ☆372Dec 9, 2022Updated 3 years ago
• klezVirus / SharpLdapRelayScan

  View on GitHub
  C# Port of LdapRelayScan
  ☆94Nov 26, 2025Updated 6 months ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆419Jan 27, 2024Updated 2 years ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆582Apr 25, 2023Updated 3 years ago
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆477Jul 6, 2024Updated last year
• wotwot563 / aad_prt_bof

  View on GitHub
  ☆166Apr 17, 2024Updated 2 years ago
• pkb1s / SharpRelay

  View on GitHub
  ☆182Feb 3, 2021Updated 5 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• ceramicskate0 / SharpExchange

  View on GitHub
  C# Tool to interact with MS Exchange based on MS docs
  ☆102Dec 7, 2022Updated 3 years ago
• Wh04m1001 / DFSCoerce

  View on GitHub
  ☆840Sep 9, 2022Updated 3 years ago
• xpn / WAMBam

  View on GitHub
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆133Jan 14, 2023Updated 3 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆176Apr 4, 2026Updated 2 months ago
• fortalice / modifyCertTemplate

  View on GitHub
  ADCS cert template modification and ACL enumeration
  ☆145Jun 26, 2023Updated 2 years ago
• wh0amitz / S4UTomato

  View on GitHub
  Escalate Service Account To LocalSystem via Kerberos
  ☆404Sep 14, 2023Updated 2 years ago
• mdsecactivebreach / Farmer

  View on GitHub
  ☆421Apr 28, 2021Updated 5 years ago
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆532May 15, 2024Updated 2 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,019Jun 4, 2024Updated 2 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• CodeXTF2 / WindowSpy

  View on GitHub
  WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
  ☆284Feb 24, 2025Updated last year
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆97Mar 8, 2023Updated 3 years ago
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆262May 10, 2023Updated 3 years ago
• tothi / serviceDetector

  View on GitHub
  Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…
  ☆239Sep 3, 2023Updated 2 years ago
• netero1010 / ServiceMove-BOF

  View on GitHub
  New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
  ☆302Feb 23, 2022Updated 4 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆305Sep 7, 2023Updated 2 years ago