PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
☆568Jan 20, 2026Updated last month
Alternatives and similar repositories for PrivKit
Users that are interested in PrivKit are comparing it to the libraries listed below
Sorting:
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆675Aug 15, 2025Updated 6 months ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,370Oct 27, 2023Updated 2 years ago
- Collection of UAC Bypass Techniques Weaponized as BOFs☆607Feb 21, 2024Updated 2 years ago
- Remote operations commands implemented using Beacon Object Files☆1,120Updated this week
- A beacon object file implementation of PoolParty Process Injection Technique.☆434Dec 21, 2023Updated 2 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆285Jun 8, 2023Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆368Apr 19, 2023Updated 2 years ago
- Library of BOFs to interact with SQL servers☆223Dec 3, 2025Updated 2 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆776Jan 26, 2026Updated last month
- Cobalt Strike UDRL for memory scanner evasion.☆1,006Jun 4, 2024Updated last year
- Terminate AV/EDR Processes using kernel driver☆352Jun 12, 2023Updated 2 years ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆539May 9, 2025Updated 9 months ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- A BOF that runs unmanaged PEs inline☆681Oct 23, 2024Updated last year
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆387Feb 23, 2024Updated 2 years ago
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆546Nov 23, 2025Updated 3 months ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆740Jul 22, 2023Updated 2 years ago
- An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memor…☆490Dec 7, 2025Updated 2 months ago
- COFF file (BOF) for managing Kerberos tickets.☆320Jul 2, 2023Updated 2 years ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆277Apr 17, 2023Updated 2 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆281Feb 24, 2025Updated last year
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆473Jul 6, 2024Updated last year
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).☆586Mar 19, 2024Updated last year
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆771Sep 4, 2024Updated last year
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Aug 25, 2023Updated 2 years ago
- Creating a repository with all public Beacon Object Files (BoFs)☆576Aug 30, 2023Updated 2 years ago
- Cobalt Strike HTTPS beaconing over Microsoft Graph API☆622Jun 25, 2024Updated last year
- HVNC for Cobalt Strike☆1,298Dec 7, 2023Updated 2 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆614Jan 2, 2025Updated last year
- ☆162Mar 27, 2023Updated 2 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons☆714Mar 4, 2023Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 9 months ago
- SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…☆892Feb 18, 2026Updated last week
- Situational Awareness commands implemented using Beacon Object Files☆1,722Updated this week
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 2 months ago
- ☆123Oct 9, 2023Updated 2 years ago
- C or BOF file to extract WebKit master key to decrypt user cookie☆207Apr 29, 2024Updated last year