lypd0 / DeadPotato
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.
☆294 Updated last month
Related projects:
- MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly. ☆485 Updated last month
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. ☆360 Updated 2 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆439 Updated 3 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework ☆467 Updated 2 months ago
- SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection s… ☆217 Updated 4 months ago
- Escalate Service Account To LocalSystem via Kerberos ☆387 Updated last year
- AMSI Bypass payload that works on Windows 11 ☆367 Updated last year
- Materials for the workshop "Red Team Ops: Havoc 101" ☆325 Updated last year
- Cobalt Strike HTTPS beaconing over Microsoft Graph API ☆539 Updated 2 months ago
- Collection of UAC Bypass Techniques Weaponized as BOFs ☆380 Updated 6 months ago
- Leak of any user's NetNTLM hash. Fixed in KB5040434 ☆214 Updated last month
- Microsoft SharePoint Server Elevation of Privilege Vulnerability ☆222 Updated 11 months ago
- micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode. ☆147 Updated last month
- UAC Bypass By Abusing Kerberos Tickets ☆470 Updated last year
- Awesome AV/EDR/XDR Bypass Tips ☆244 Updated last year
- HookChain: A new perspective for Bypassing EDR Solutions ☆291 Updated 3 weeks ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike ☆510 Updated 2 months ago
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection ☆233 Updated 4 months ago
- A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆459 Updated 10 months ago
- ☆163 Updated 10 months ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver ☆228 Updated 2 months ago
- ☆196 Updated this week
- Simulate the behavior of AV/EDR for malware development training. ☆443 Updated 7 months ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS. ☆365 Updated 3 months ago
- shellcode loader for your evasion needs ☆257 Updated 3 months ago
- yet another AV killer tool using BYOVD ☆259 Updated 9 months ago
- ☆144 Updated this week
- Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later! ☆265 Updated this week
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS). ☆447 Updated 6 months ago
- Kill AV/EDR leveraging BYOVD attack ☆301 Updated last year