A C# implementation of dumping credentials from Windows Credential Manager
☆62Sep 23, 2023Updated 2 years ago
Alternatives and similar repositories for BackupCreds
Users that are interested in BackupCreds are comparing it to the libraries listed below
Sorting:
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- wtftp.py is a tool to attack Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).☆31Jan 22, 2026Updated last month
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- HTML Smuggling with Web Assembly☆66Feb 20, 2024Updated 2 years ago
- TokenCert☆102Nov 15, 2024Updated last year
- ☆153Oct 2, 2023Updated 2 years ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆14Jan 15, 2025Updated last year
- A collection of sample code used in some experiments with Sliver C2☆16Mar 28, 2023Updated 2 years ago
- Extension functionality for the NightHawk operator client☆26Nov 3, 2023Updated 2 years ago
- Abuse leaked token handles.☆136Dec 14, 2023Updated 2 years ago
- Tools for interacting with authentication packages using their individual message protocols☆419Mar 1, 2026Updated 3 weeks ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- ☆244May 5, 2024Updated last year
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆617Jan 2, 2025Updated last year
- ☆65Mar 15, 2024Updated 2 years ago
- ☆182Apr 24, 2025Updated 10 months ago
- ☆128Jun 28, 2023Updated 2 years ago
- Fileless atexec, no more need for port 445☆406Mar 28, 2024Updated last year
- COFF file (BOF) for managing Kerberos tickets.☆320Jul 2, 2023Updated 2 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- A simple BOF (Beacon Object File) to search files in the system☆15Dec 2, 2023Updated 2 years ago
- ☆198Mar 28, 2025Updated 11 months ago
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a…☆139Oct 1, 2022Updated 3 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- ☆26Nov 8, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 10 months ago
- Local SYSTEM auth trigger for relaying - X☆154Jul 23, 2025Updated 7 months ago
- ☆224Oct 22, 2023Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Hide your P/Invoke signatures through other people's signed assemblies☆211Mar 10, 2024Updated 2 years ago
- ☆147Nov 6, 2025Updated 4 months ago
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆282Feb 24, 2025Updated last year
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…☆157Nov 23, 2025Updated 3 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆640May 8, 2025Updated 10 months ago
- Lockless BOF☆79May 2, 2025Updated 10 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆374Apr 19, 2023Updated 2 years ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆95Jul 3, 2025Updated 8 months ago