jfjallid / go-lsassView external linksLinks
Tool to aid in dumping LSASS process remotely
☆42Sep 23, 2025Updated 4 months ago
Alternatives and similar repositories for go-lsass
Users that are interested in go-lsass are comparing it to the libraries listed below
Sorting:
- A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)☆61Feb 4, 2026Updated last week
- Simple C# Redirector☆93Aug 31, 2025Updated 5 months ago
- A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)☆16Jul 27, 2024Updated last year
- Tool to bypass LSA Protection (aka Protected Process Light)☆64Jan 2, 2025Updated last year
- Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise☆125Dec 2, 2023Updated 2 years ago
- ☆198Mar 28, 2025Updated 10 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆381Apr 26, 2025Updated 9 months ago
- Port of Cobalt Strike's Process Inject Kit☆190Dec 1, 2024Updated last year
- Azure Post Exploitation Framework☆244Oct 27, 2025Updated 3 months ago
- Lateral Movement☆125Nov 14, 2023Updated 2 years ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆181May 19, 2025Updated 8 months ago
- Tool to remotely dump secrets from the Windows registry☆522Nov 18, 2025Updated 2 months ago
- ☆53Sep 23, 2025Updated 4 months ago
- ☆14Sep 26, 2023Updated 2 years ago
- ☆59Nov 13, 2024Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆266Apr 8, 2025Updated 10 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆418Sep 29, 2025Updated 4 months ago
- ☆137Feb 11, 2025Updated last year
- ☆53Aug 11, 2024Updated last year
- Good CLR Host with Native patchless AMSI Bypass☆102Apr 18, 2025Updated 9 months ago
- Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀☆447Jan 15, 2026Updated last month
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS☆150Feb 10, 2025Updated last year
- ☆25Jan 12, 2023Updated 3 years ago
- ☆378Oct 17, 2025Updated 3 months ago
- Golang PoC that sandboxes Defender (or other PPL) by setting its token integrity to Untrusted.☆12May 28, 2025Updated 8 months ago
- Golang Shlyuz Implant Implementation☆13May 23, 2025Updated 8 months ago
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated last year
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Jan 25, 2025Updated last year
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆358Dec 13, 2025Updated 2 months ago
- Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …☆230Oct 6, 2024Updated last year
- Offensive GPO dumping and analysis tool that leverages and enriches BloodHound data☆354Jan 8, 2026Updated last month
- DPAPI looting remotely and locally in Python☆540Oct 7, 2025Updated 4 months ago
- ☆225Oct 22, 2023Updated 2 years ago
- A BloodHound collector for Microsoft Configuration Manager☆364Jul 7, 2025Updated 7 months ago
- Assess the security of your Active Directory with few or all privileges.☆341Jan 31, 2026Updated 2 weeks ago
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆136Dec 22, 2024Updated last year
- Beacon Debugger☆55Oct 28, 2024Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆212Oct 19, 2024Updated last year
- Bash and ZSH integration for Impacket☆73Nov 6, 2025Updated 3 months ago