mlcsec/FormThief

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mlcsec/FormThief)

mlcsec / FormThief

Spoofing desktop login applications with WinForms and WPF

☆177

Alternatives and similar repositories for FormThief

Users that are interested in FormThief are comparing it to the libraries listed below

Sorting:

naksyn / Embedder
View on GitHub
Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
☆122May 29, 2024Updated last year
Kudaes / ADPT
View on GitHub
DLL proxying for lazy people
☆200Dec 1, 2025Updated 2 months ago
deh00ni / NtDumpBOF
View on GitHub
☆100Sep 1, 2024Updated last year
mlcsec / proctools
View on GitHub
Small toolkit for extracting information and dumping sensitive strings from Windows processes
☆116Jul 17, 2024Updated last year
decoder-it / ADCSCoercePotato
View on GitHub
☆242May 5, 2024Updated last year
mertdas / PrivKit
View on GitHub
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
☆568Jan 20, 2026Updated last month
Mayyhem / Maestro
View on GitHub
Abusing Azure services over C2
☆368Jan 20, 2026Updated last month
mlcsec / SharpGraphView
View on GitHub
Microsoft Graph API post-exploitation toolkit
☆95Jul 13, 2024Updated last year
netero1010 / GhostTask
View on GitHub
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
☆614Jan 2, 2025Updated last year
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆434Dec 21, 2023Updated 2 years ago
mlcsec / Graphpython
View on GitHub
Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit
☆165Dec 7, 2024Updated last year
synacktiv / DLHell
View on GitHub
Local & remote Windows DLL Proxying
☆169Jun 17, 2024Updated last year
zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆346Nov 19, 2024Updated last year
MzHmO / Parasite-Invoke
View on GitHub
Hide your P/Invoke signatures through other people's signed assemblies
☆211Mar 10, 2024Updated last year
MzHmO / NtlmThief
View on GitHub
Extracting NetNTLM without touching lsass.exe
☆243Nov 27, 2023Updated 2 years ago
dmcxblue / SharpGhostTask
View on GitHub
A C# port from Invoke-GhostTask
☆120Jan 5, 2024Updated 2 years ago
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 9 months ago
icyguider / UAC-BOF-Bonanza
View on GitHub
Collection of UAC Bypass Techniques Weaponized as BOFs
☆607Feb 21, 2024Updated 2 years ago
sokaRepo / CoercedPotatoRDLL
View on GitHub
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
☆225Nov 23, 2023Updated 2 years ago
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆275Apr 17, 2023Updated 2 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆680Oct 23, 2024Updated last year
fin3ss3g0d / NativeThreadpool
View on GitHub
Work, timer, and wait callback example using solely Native Windows APIs.
☆88Feb 11, 2024Updated 2 years ago
florylsk / ExecIT
View on GitHub
Execute shellcode files with rundll32
☆216Jan 28, 2024Updated 2 years ago
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆325Apr 12, 2024Updated last year
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆672Aug 15, 2025Updated 6 months ago
Xre0uS / MultiDump
View on GitHub
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
☆537Nov 14, 2025Updated 3 months ago
garrettfoster13 / sccmhunter
View on GitHub
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
☆892Feb 18, 2026Updated last week
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆244Jul 2, 2024Updated last year
xpn / CloudInject
View on GitHub
☆121Nov 21, 2024Updated last year
rasta-mouse / SpawnWith
View on GitHub
☆109Feb 17, 2025Updated last year
WKL-Sec / dcomhijack
View on GitHub
Lateral Movement Using DCOM and DLL Hijacking
☆325Jun 18, 2023Updated 2 years ago
foxlox / GIUDA
View on GitHub
Ask a TGS on behalf of another user without password
☆482Mar 30, 2025Updated 11 months ago
BlackSnufkin / NovaLdr
View on GitHub
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
☆258Jun 29, 2024Updated last year
lap1nou / CLR_Heap_encryption
View on GitHub
☆101Oct 7, 2023Updated 2 years ago
Offensive-Panda / LsassReflectDumping
View on GitHub
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
☆215Oct 19, 2024Updated last year
grayhatkiller / SharpExShell
View on GitHub
SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
☆75May 1, 2024Updated last year
S3cur3Th1sSh1t / SharpVeeamDecryptor
View on GitHub
Decrypt Veeam database passwords
☆222Dec 8, 2025Updated 2 months ago
Maldev-Academy / Christmas
View on GitHub
PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
☆260Jan 21, 2024Updated 2 years ago
CICADA8-Research / RemoteKrbRelay
View on GitHub
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
☆638May 8, 2025Updated 9 months ago