lypd0 / DeadPotato
DeadPotato is a windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the original GodPotato source code by BeichenDream.
☆378Updated 7 months ago
Alternatives and similar repositories for DeadPotato:
Users that are interested in DeadPotato are comparing it to the libraries listed below
- MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.☆508Updated this week
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance…☆514Updated last month
- ☆410Updated this week
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆567Updated 9 months ago
- Collection of UAC Bypass Techniques Weaponized as BOFs☆490Updated last year
- SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection s…☆311Updated 10 months ago
- Amsi Bypass payload that works on Windwos 11☆375Updated last year
- micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode.☆185Updated 8 months ago
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).☆535Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆511Updated 9 months ago
- Extract and execute a PE embedded within a PNG file using an LNK file.☆395Updated 5 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆438Updated last month
- shellcode loader for your evasion needs☆317Updated 4 months ago
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.☆394Updated 8 months ago
- Materials for the workshop "Red Team Ops: Havoc 101"☆369Updated 5 months ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆305Updated 11 months ago
- ☆352Updated 3 months ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆571Updated 8 months ago
- A list of python tools to help create an OPSEC-safe Cobalt Strike profile.☆413Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆578Updated 3 months ago
- Evasive shellcode loader☆351Updated 5 months ago
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆286Updated 10 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆396Updated 8 months ago
- ScareCrow - Payload creation framework designed around EDR bypass.☆302Updated last year
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆252Updated 7 months ago
- UAC Bypass By Abusing Kerberos Tickets☆494Updated last year
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆452Updated this week
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver☆266Updated last week
- CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File☆202Updated last week
- Cobalt Strike HTTPS beaconing over Microsoft Graph API☆579Updated 9 months ago