evilashz/CheeseOunce external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

evilashz/CheeseOunce

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/evilashz/CheeseOunce)

Close

evilashz / CheeseOunceView on GitHubMore

• External links
• Readme badge

Coerce Windows machines auth via MS-EVEN

☆174Jan 17, 2024Updated 2 years ago

Alternatives and similar repositories for CheeseOunce

Users that are interested in CheeseOunce are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• cube0x0 / LdapSignCheck

  View on GitHub
  Beacon Object File & C# project to check LDAP signing
  ☆200Aug 7, 2024Updated last year
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆302Dec 30, 2021Updated 4 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• soufianetahiri / CitrixSecureAccessAuthCookieDump

  View on GitHub
  Dump Citrix Secure Access auth cookie from the process memory
  ☆76Jun 24, 2022Updated 3 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆322Jul 2, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• nettitude / MalSCCM

  View on GitHub
  ☆254Sep 28, 2023Updated 2 years ago
• Hackndo / WebclientServiceScanner

  View on GitHub
  Python tool to Check running WebClient services on multiple targets based on @leechristensen
  ☆289Aug 18, 2021Updated 4 years ago
• G0ldenGunSec / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆144Mar 9, 2024Updated 2 years ago
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆686Mar 30, 2026Updated 2 weeks ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆531Nov 19, 2024Updated last year
• MartinIngesen / TokenStomp

  View on GitHub
  C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
  ☆144Feb 23, 2022Updated 4 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆303Oct 26, 2022Updated 3 years ago
• mpgn / BackupOperatorToDA

  View on GitHub
  From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
  ☆442Jan 4, 2025Updated last year
• Z4kSec / Masky

  View on GitHub
  Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory
  ☆401Aug 15, 2025Updated 8 months ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆717Mar 4, 2023Updated 3 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• zcgonvh / DCOMPotato

  View on GitHub
  Some Service DCOM Object and SeImpersonatePrivilege abuse.
  ☆372Dec 9, 2022Updated 3 years ago
• klezVirus / SharpLdapRelayScan

  View on GitHub
  C# Port of LdapRelayScan
  ☆91Nov 26, 2025Updated 4 months ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆416Jan 27, 2024Updated 2 years ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆580Apr 25, 2023Updated 2 years ago
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆474Jul 6, 2024Updated last year
• pkb1s / SharpRelay

  View on GitHub
  ☆181Feb 3, 2021Updated 5 years ago
• wotwot563 / aad_prt_bof

  View on GitHub
  ☆160Apr 17, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• ceramicskate0 / SharpExchange

  View on GitHub
  C# Tool to interact with MS Exchange based on MS docs
  ☆102Dec 7, 2022Updated 3 years ago
• Wh04m1001 / DFSCoerce

  View on GitHub
  ☆834Sep 9, 2022Updated 3 years ago
• xpn / WAMBam

  View on GitHub
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆131Jan 14, 2023Updated 3 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆173Apr 4, 2026Updated last week
• fortalice / modifyCertTemplate

  View on GitHub
  ADCS cert template modification and ACL enumeration
  ☆143Jun 26, 2023Updated 2 years ago
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆526May 15, 2024Updated last year
• wh0amitz / S4UTomato

  View on GitHub
  Escalate Service Account To LocalSystem via Kerberos
  ☆403Sep 14, 2023Updated 2 years ago
• mdsecactivebreach / Farmer

  View on GitHub
  ☆419Apr 28, 2021Updated 4 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,009Jun 4, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• CodeXTF2 / WindowSpy

  View on GitHub
  WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
  ☆282Feb 24, 2025Updated last year
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆261May 10, 2023Updated 2 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆96Mar 8, 2023Updated 3 years ago
• tothi / serviceDetector

  View on GitHub
  Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…
  ☆238Sep 3, 2023Updated 2 years ago
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆304Sep 7, 2023Updated 2 years ago
• netero1010 / ServiceMove-BOF

  View on GitHub
  New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
  ☆303Feb 23, 2022Updated 4 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆222Nov 5, 2021Updated 4 years ago