lkarlslund / hashmuncherView external linksLinks
Grab NetNTLMv2 hashes using ETW with administrative rights on Windows 8.1 / Windows Server 2016 and later
☆94May 9, 2023Updated 2 years ago
Alternatives and similar repositories for hashmuncher
Users that are interested in hashmuncher are comparing it to the libraries listed below
Sorting:
- ☆27May 1, 2023Updated 2 years ago
- Apply a divide and conquer approach to bypass EDRs☆287Oct 19, 2023Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆259May 10, 2023Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- Utilities for Pentesting with BloodHound☆22Dec 10, 2025Updated 2 months ago
- Set of python scripts which perform different ways of command execution via WMI protocol.☆165Jun 29, 2023Updated 2 years ago
- Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (c…☆1,049Nov 9, 2024Updated last year
- A C# utility for interacting with SCCM☆682Aug 20, 2025Updated 5 months ago
- DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …☆565Jun 5, 2023Updated 2 years ago
- Decrypt Veeam database passwords☆222Dec 8, 2025Updated 2 months ago
- ☆107Jan 4, 2023Updated 3 years ago
- Lockless BOF☆79May 2, 2025Updated 9 months ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆77Feb 8, 2023Updated 3 years ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆482Oct 14, 2022Updated 3 years ago
- ☆477Nov 20, 2022Updated 3 years ago
- A C# implementation of dumping credentials from Windows Credential Manager☆61Sep 23, 2023Updated 2 years ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆358Dec 13, 2025Updated 2 months ago
- Credential Guard Bypass Via Patching Wdigest Memory☆335Feb 3, 2023Updated 3 years ago
- ☆413Apr 28, 2021Updated 4 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆130Jan 14, 2023Updated 3 years ago
- MS-FSRVP coercion abuse PoC☆305Dec 30, 2021Updated 4 years ago
- ☆17Jun 28, 2023Updated 2 years ago
- Patch AMSI and ETW☆250May 8, 2024Updated last year
- AAD related enumeration in Nim☆132Sep 7, 2023Updated 2 years ago
- A RunAs clone with the ability to specify the password as an argument.☆112Jul 2, 2023Updated 2 years ago
- ☆222Mar 10, 2024Updated last year
- Easy red team phishing with Puppeteer☆133Feb 6, 2023Updated 3 years ago
- ☆49Feb 11, 2023Updated 3 years ago
- C# DInvoke Shellcode Runner☆31Feb 10, 2025Updated last year
- ☆385Jan 19, 2023Updated 3 years ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆272Sep 14, 2023Updated 2 years ago
- C# version of NTLMRawUnHide☆72Oct 8, 2022Updated 3 years ago
- NTLM relaying for Windows made easy☆579Apr 25, 2023Updated 2 years ago
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- .NET port of Leron Gray's azbelt tool.☆26Sep 21, 2023Updated 2 years ago
- Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…☆239Sep 3, 2023Updated 2 years ago
- ☆83Nov 1, 2023Updated 2 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 2 years ago
- Finding all things on-prem Microsoft for password spraying and enumeration.☆258May 17, 2022Updated 3 years ago