A C# implementation of dumping credentials from Windows Credential Manager
☆62Sep 23, 2023Updated 2 years ago
Alternatives and similar repositories for BackupCreds
Users that are interested in BackupCreds are comparing it to the libraries listed below
Sorting:
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- Abuse leaked token handles.☆136Dec 14, 2023Updated 2 years ago
- wtftp.py is a tool to attack Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).☆30Jan 22, 2026Updated last month
- TokenCert☆102Nov 15, 2024Updated last year
- Tools for interacting with authentication packages using their individual message protocols☆403Feb 1, 2026Updated last month
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- ☆152Oct 2, 2023Updated 2 years ago
- ☆181Apr 24, 2025Updated 10 months ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 9 months ago
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated 2 years ago
- A collection of sample code used in some experiments with Sliver C2☆16Mar 28, 2023Updated 2 years ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆13Jan 15, 2025Updated last year
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆63Feb 11, 2024Updated 2 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- ☆223Oct 22, 2023Updated 2 years ago
- Extension functionality for the NightHawk operator client☆26Nov 3, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 9 months ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆95Jul 3, 2025Updated 7 months ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆614Jan 2, 2025Updated last year
- Fileless atexec, no more need for port 445☆404Mar 28, 2024Updated last year
- A simple BOF (Beacon Object File) to search files in the system☆15Dec 2, 2023Updated 2 years ago
- ☆242May 5, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- ☆198Mar 28, 2025Updated 11 months ago
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…☆157Nov 23, 2025Updated 3 months ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- PoC demonstrating a multi process injection chain aimed at remotely executing shellcode☆260Jan 21, 2024Updated 2 years ago
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a…☆139Oct 1, 2022Updated 3 years ago
- Hide your P/Invoke signatures through other people's signed assemblies☆211Mar 10, 2024Updated last year
- Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)☆209Sep 30, 2024Updated last year
- Determine if the WebClient Service (WebDAV) is running on a remote system☆21Nov 28, 2025Updated 3 months ago
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆638May 8, 2025Updated 9 months ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆281Feb 24, 2025Updated last year
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆59Dec 15, 2023Updated 2 years ago
- Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry☆31Feb 11, 2021Updated 5 years ago
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).☆586Mar 19, 2024Updated last year