Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
☆282Sep 18, 2025Updated 5 months ago
Alternatives and similar repositories for pipe-intercept
Users that are interested in pipe-intercept are comparing it to the libraries listed below
Sorting:
- A tool that shows detailed information about named pipes in Windows☆738Nov 15, 2024Updated last year
- Local SYSTEM auth trigger for relaying - X☆154Jul 23, 2025Updated 7 months ago
- VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit☆447Nov 2, 2023Updated 2 years ago
- a tool used to analyze and monitor in named pipes☆194Oct 27, 2024Updated last year
- ☆160Jan 27, 2025Updated last year
- Amazing whoami alternatives☆141Mar 23, 2024Updated last year
- SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…☆892Updated this week
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆399Jul 23, 2025Updated 7 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- Exploring RPC interfaces on Windows☆345Jan 30, 2024Updated 2 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,369Oct 27, 2023Updated 2 years ago
- Collection of remote authentication triggers in C#☆524May 15, 2024Updated last year
- This is the tool to dump the LSASS process on modern Windows 11☆560Nov 1, 2025Updated 4 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆63Mar 19, 2024Updated last year
- Local SYSTEM auth trigger for relaying☆168Jul 22, 2025Updated 7 months ago
- ☆108Aug 21, 2024Updated last year
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆614Jan 2, 2025Updated last year
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 3 months ago
- NTLM relaying for Windows made easy☆579Apr 25, 2023Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆534Aug 1, 2022Updated 3 years ago
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- Fileless lateral movement tool that relies on ChangeServiceConfigA to run command☆1,607Jul 10, 2023Updated 2 years ago
- A User Impersonation tool - via Token or Shellcode injection☆422May 21, 2022Updated 3 years ago
- Check for LDAP protections regarding the relay of NTLM authentication☆530Nov 19, 2024Updated last year
- Tools for interacting with authentication packages using their individual message protocols☆409Mar 1, 2026Updated last week
- Gain insights into MS-RPC implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By f…☆326Oct 20, 2025Updated 4 months ago
- The Token Stealer☆511Jul 13, 2022Updated 3 years ago
- TartarusGate, Bypassing EDRs☆653Jan 25, 2022Updated 4 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- ☆475Nov 20, 2022Updated 3 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- ☆307Mar 15, 2025Updated 11 months ago
- ☆538Nov 20, 2021Updated 4 years ago
- A sock, with a wire, so you can tunnel all you desire.☆296Jan 19, 2024Updated 2 years ago
- DPAPI looting remotely and locally in Python☆542Oct 7, 2025Updated 5 months ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆276Dec 27, 2024Updated last year
- Kernel mode WinDbg extension and PoCs for token privilege investigation.☆900Jan 21, 2025Updated last year