Alternatives and similar repositories for FormThief:

Users that are interested in FormThief are comparing it to the libraries listed below

• rasta-mouse / CsWhispers
  Source generator to add D/Invoke and indirect syscall methods to a C# project.
  ☆173Updated 11 months ago
• WKL-Sec / GregsBestFriend
  GregsBestFriend process injection code created from the White Knight Labs Offensive Development course
  ☆180Updated last year
• nettitude / Aladdin
  ☆219Updated last year
• 0xsp-SRD / MDE_Enum
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆193Updated 8 months ago
• powerseb / PowerExtract
  ☆113Updated last year
• RePRGM / Nimperiments
  Various one-off pentesting projects written in Nim. Updates happen on a whim.
  ☆149Updated last month
• BC-SECURITY / IronSharpPack
  IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…
  ☆109Updated 9 months ago
• cybersectroll / TrollUAC
  ☆135Updated 8 months ago
• cybersectroll / TrollAMSI
  ☆164Updated 3 months ago
• SaadAhla / AMSI_patch
  Patching AmsiOpenSession by forcing an error branching
  ☆143Updated last year
• MzHmO / Parasite-Invoke
  Hide your P/Invoke signatures through other people's signed assemblies
  ☆203Updated 11 months ago
• ricardojoserf / WhoamiAlternatives
  Different methods to get current username without using whoami
  ☆173Updated last year
• MzHmO / NtlmThief
  Extracting NetNTLM without touching lsass.exe
  ☆233Updated last year
• naksyn / Embedder
  Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
  ☆115Updated 8 months ago
• MzHmO / DebugAmsi
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆96Updated last year
• ZERODETECTION / MSC_Dropper
  ☆138Updated 6 months ago
• mandiant / msi-search
  ☆270Updated last year
• zimedev / certipy-merged
  Tool for Active Directory Certificate Services enumeration and abuse
  ☆107Updated 2 weeks ago
• 0xthirteen / AssemblyHunter
  Find .net assemblies locally
  ☆104Updated 2 years ago
• OmriBaso / WTSImpersonator
  WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"
  ☆118Updated 7 months ago
• ricardojoserf / NativeBypassCredGuard
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆216Updated 2 months ago
• oldkingcone / BYOSI
  Evade EDR's the simple way, by not touching any of the API's they hook.
  ☆82Updated 2 weeks ago
• Macmod / ldapx
  Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
  ☆104Updated last month
• 0xthirteen / Carseat
  Python implementation of GhostPack's Seatbelt situational awareness tool
  ☆240Updated 3 months ago
• Friends-Security / SharpExclusionFinder
  Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …
  ☆186Updated 4 months ago
• Mr-Un1k0d3r / AMSI-ETW-Patch
  Patch AMSI and ETW
  ☆235Updated 9 months ago
• sevagas / Advanced_Initial_access_in_2024_OffensiveX
  Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"
  ☆131Updated 6 months ago
• Leo4j / Invoke-SMBRemoting
  Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
  ☆158Updated 2 months ago
• coffeegist / bofhound
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆187Updated last month
• improsec / BackupOperatorToolkit
  The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin
  ☆168Updated 2 years ago