A small script that automates Entra ID persistence with Windows Hello For Business key
☆67Feb 16, 2025Updated last year
Alternatives and similar repositories for deviceCode2WinHello
Users that are interested in deviceCode2WinHello are comparing it to the libraries listed below
Sorting:
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- TokenCert☆102Nov 15, 2024Updated last year
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- Table of AD and Azure assets and whether they belong to Tier Zero☆26Sep 12, 2023Updated 2 years ago
- ☆33Jan 23, 2025Updated last year
- ☆88Jul 28, 2022Updated 3 years ago
- Bounces when a fish bites - Evilginx database monitoring with exfiltration automation☆182Jun 9, 2024Updated last year
- A PoC for Early Cascade process injection technique.☆214Jan 30, 2025Updated last year
- Hybrid AD utilities for ROADtools☆108May 25, 2025Updated 9 months ago
- ☆121Nov 21, 2024Updated last year
- Claude MCP server to perform analysis on ROADrecon data☆49Mar 30, 2025Updated 11 months ago
- Abusing Azure services over C2☆367Jan 20, 2026Updated 2 months ago
- Internal Monologue BOF☆79Dec 28, 2024Updated last year
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆390Feb 23, 2024Updated 2 years ago
- tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"☆178Nov 26, 2021Updated 4 years ago
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆371Jan 29, 2026Updated last month
- Tool for issuing manual LDAP queries which offers bofhound compatible output☆57Jun 2, 2024Updated last year
- Cobalt Strike BOF☆43Dec 10, 2025Updated 3 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft☆52May 16, 2024Updated last year
- Parses logs created by Cobalt Strike or Brute Ratel and creates an SQLite DB which can be used to create custom reports.☆24Jan 15, 2026Updated 2 months ago
- Modified versions of the Cobalt Strike Process Injection Kit☆106Jan 24, 2024Updated 2 years ago
- C# port of the Get-AppLockerPolicy PS cmdlet☆100Dec 8, 2022Updated 3 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆162Mar 1, 2024Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆17Mar 4, 2023Updated 3 years ago
- Azure JWT Token Manipulation Toolset☆718Dec 6, 2024Updated last year
- A Python script to authenticate and test access to Google Cloud Platform (GCP) resources.☆17Jan 31, 2024Updated 2 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆23Sep 15, 2023Updated 2 years ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 4 months ago
- Tool for issuing manual LDAP queries which offers bofhound compatible output☆45Jan 14, 2026Updated 2 months ago
- Azure DevOps Services Attack Toolkit☆150Mar 15, 2025Updated last year
- BOF to decrypt Signal Desktop chat logs☆70Feb 20, 2025Updated last year
- ☆189Nov 21, 2024Updated last year
- ☆100Sep 1, 2024Updated last year
- HTML smuggling is not an evil, it can be useful☆14Jan 28, 2023Updated 3 years ago
- Research into Undocumented Behavior of Azure AD Refresh Tokens☆13Oct 27, 2023Updated 2 years ago