mdsecactivebreach / RegistryStrikesBack

Related projects ⓘ

Alternatives and complementary repositories for RegistryStrikesBack

• mitchmoser / AtYourService
  Service Enumeration C# .NET Assembly
  ☆59Updated 3 years ago
• rvrsh3ll / RuralBishop
  D/Invoke port of UrbanBishop
  ☆29Updated 3 years ago
• dtrizna / DotNetInject
  Code samples of .NET shellcode injections, weaponized for use via WebDav and mshta.exe.
  ☆39Updated 4 years ago
• dmchell / Sniper
  A simple proof of concept for detecting use of Cobalt Strike's execute-assembly
  ☆58Updated 2 years ago
• freshness79 / unlock
  Microsoft Applocker evasion tool
  ☆38Updated 4 years ago
• vysecurity / AzureAppC2
  A script that can be deployed to Azure App for C2 / Proxy / Redirector
  ☆35Updated 5 years ago
• kafkaesqu3 / SharpStomp
  Timestomping module: overwrite file create/modify times in .NET (no pinvoke)
  ☆22Updated 2 years ago
• aahmad097 / ZoomPersistence
  Zoom Persistence Aggressor and Handler
  ☆53Updated 3 years ago
• dsnezhkov / TruffleSnout
  Iterative AD discovery toolkit for offensive operations
  ☆86Updated 4 years ago
• djhohnstein / KittyLitter
  Credential Dumper
  ☆74Updated 4 years ago
• passthehashbrowns / SharpBuster
  SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and s…
  ☆59Updated 4 years ago
• checkymander / Forerunner
  Automation Engine using the Covenant API and lua scripting
  ☆24Updated last year
• xforcered / GetWebDAVStatus
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆26Updated 3 years ago
• NinjaStyle82 / rbcd_permissions
  Add SD for controlled computer object to a target object for RBCD using LDAP
  ☆38Updated 3 years ago
• EspressoCake / Cobalt_Strike_Ansible
  A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.
  ☆33Updated 3 years ago
• djhohnstein / TSMSISrv_poc
  C# POC code for the SessionEnv dll hijack by utilizing called functions of TSMSISrv.dll
  ☆58Updated 5 years ago
• N4kedTurtle / LocalDllParse
  ☆54Updated 3 years ago
• vysecurity / FSharp-Shellcode
  F# Implementation to spawn shellcode
  ☆47Updated 6 years ago
• S3cur3Th1sSh1t / LDAP-Signing-Scanner
  A little scanner to check the LDAP Signing state
  ☆46Updated 3 years ago
• 0xthirteen / PowerView3-Aggressor
  Cobalt Strike Aggressor script menu for Powerview/SharpView
  ☆28Updated 5 years ago
• jfmaes / DeepSleep
  all credits go to @mgeeky
  ☆58Updated 3 years ago
• 0xthirteen / CleanRunMRU
  Get or remove RunMRU values
  ☆52Updated 4 years ago
• kyleavery / scarecrow_wrapper
  ☆36Updated 3 years ago
• rmdavy / HeapsOfFun
  AMSI Bypass Via the Heap
  ☆105Updated 4 years ago
• CCob / PwnyForm
  ☆44Updated 4 years ago
• djhohnstein / SharpSC
  Simple .NET assembly to interact with services.
  ☆38Updated 5 years ago
• dcsync / aggressor
  aggressor and pycobalt scripts.
  ☆18Updated 4 years ago
• Flangvik / SharpAppLocker
  C# port of the Get-AppLockerPolicy PS cmdlet
  ☆98Updated last year