A C# tool to output crackable DPAPI hashes from user MasterKeys
☆140Sep 14, 2024Updated last year
Alternatives and similar repositories for DPAPISnoop
Users that are interested in DPAPISnoop are comparing it to the libraries listed below
Sorting:
- ☆224Oct 22, 2023Updated 2 years ago
- Simple BOF to read the protection level of a process☆119May 10, 2023Updated 2 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS☆186Jun 22, 2022Updated 3 years ago
- ☆176Mar 27, 2023Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258May 10, 2023Updated 2 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 2 years ago
- ☆83Nov 1, 2023Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting☆363Dec 19, 2022Updated 3 years ago
- OPSEC safe Kerberoasting in C#☆198Jun 14, 2022Updated 3 years ago
- DPAPI looting remotely and locally in Python☆542Mar 13, 2026Updated last week
- COFF file (BOF) for managing Kerberos tickets.☆320Jul 2, 2023Updated 2 years ago
- Abuse leaked token handles.☆136Dec 14, 2023Updated 2 years ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆418Jan 27, 2024Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆263Jun 29, 2024Updated last year
- Generate an obfuscated DLL that will disable AMSI & ETW☆331Jul 15, 2024Updated last year
- Lockless BOF☆79May 2, 2025Updated 10 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆374Apr 19, 2023Updated 2 years ago
- A BOF to determine Windows Defender exclusions.☆253Jun 25, 2023Updated 2 years ago
- More examples using the Impacket library designed for learning purposes.☆264Nov 4, 2022Updated 3 years ago
- ☆128Jun 28, 2023Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆78Feb 8, 2023Updated 3 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆681Aug 15, 2025Updated 7 months ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆483Oct 14, 2022Updated 3 years ago
- Click Once + App Domain☆67Feb 23, 2026Updated last month
- Dump the memory of any PPL with a Userland exploit chain☆352Mar 17, 2023Updated 3 years ago
- A User Impersonation tool - via Token or Shellcode injection☆422May 21, 2022Updated 3 years ago
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆327Jan 31, 2023Updated 3 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- ☆74Jun 17, 2025Updated 9 months ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆271Sep 14, 2023Updated 2 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆303Oct 26, 2022Updated 3 years ago
- ☆429Apr 22, 2025Updated 11 months ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- .NET/PowerShell/VBA Offensive Security Obfuscator☆520Feb 1, 2024Updated 2 years ago
- ☆120Mar 28, 2025Updated 11 months ago
- PoC to coerce authentication from Windows hosts using MS-WSP☆304Sep 7, 2023Updated 2 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 3 years ago