mlcsec/FormThief

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mlcsec/FormThief)

mlcsec / FormThief

Spoofing desktop login applications with WinForms and WPF

☆177

Alternatives and similar repositories for FormThief

Users that are interested in FormThief are comparing it to the libraries listed below

Sorting:

Kudaes / ADPT
View on GitHub
DLL proxying for lazy people
☆203Dec 1, 2025Updated 3 months ago
mlcsec / proctools
View on GitHub
Small toolkit for extracting information and dumping sensitive strings from Windows processes
☆117Jul 17, 2024Updated last year
mlcsec / SharpGraphView
View on GitHub
Microsoft Graph API post-exploitation toolkit
☆95Jul 13, 2024Updated last year
deh00ni / NtDumpBOF
View on GitHub
☆100Sep 1, 2024Updated last year
Mayyhem / Maestro
View on GitHub
Abusing Azure services over C2
☆367Jan 20, 2026Updated 2 months ago
naksyn / Embedder
View on GitHub
Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
☆123May 29, 2024Updated last year
decoder-it / ADCSCoercePotato
View on GitHub
☆244May 5, 2024Updated last year
netero1010 / GhostTask
View on GitHub
A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
☆618Jan 2, 2025Updated last year
florylsk / ExecIT
View on GitHub
Execute shellcode files with rundll32
☆218Jan 28, 2024Updated 2 years ago
MzHmO / Parasite-Invoke
View on GitHub
Hide your P/Invoke signatures through other people's signed assemblies
☆211Mar 10, 2024Updated 2 years ago
synacktiv / DLHell
View on GitHub
Local & remote Windows DLL Proxying
☆169Jun 17, 2024Updated last year
icyguider / UAC-BOF-Bonanza
View on GitHub
Collection of UAC Bypass Techniques Weaponized as BOFs
☆611Feb 21, 2024Updated 2 years ago
mertdas / PrivKit
View on GitHub
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
☆574Jan 20, 2026Updated 2 months ago
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆277Apr 17, 2023Updated 2 years ago
zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆346Nov 19, 2024Updated last year
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆438Dec 21, 2023Updated 2 years ago
ricardojoserf / NativeDump
View on GitHub
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
☆701May 7, 2025Updated 10 months ago
Xre0uS / MultiDump
View on GitHub
MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
☆538Nov 14, 2025Updated 4 months ago
mlcsec / Graphpython
View on GitHub
Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit
☆166Dec 7, 2024Updated last year
xpn / CloudInject
View on GitHub
☆121Nov 21, 2024Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆683Oct 23, 2024Updated last year
sokaRepo / CoercedPotatoRDLL
View on GitHub
Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
☆225Nov 23, 2023Updated 2 years ago
MzHmO / NtlmThief
View on GitHub
Extracting NetNTLM without touching lsass.exe
☆244Nov 27, 2023Updated 2 years ago
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆245Jul 2, 2024Updated last year
rasta-mouse / SpawnWith
View on GitHub
☆110Feb 17, 2025Updated last year
Offensive-Panda / LsassReflectDumping
View on GitHub
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
☆216Oct 19, 2024Updated last year
ZephrFish / QoL-BOFs
View on GitHub
Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
☆137Dec 7, 2025Updated 3 months ago
dmcxblue / SharpGhostTask
View on GitHub
A C# port from Invoke-GhostTask
☆120Jan 5, 2024Updated 2 years ago
Mr-Un1k0d3r / BOFCode
View on GitHub
Bunch of BOF files
☆40Jun 30, 2025Updated 8 months ago
boku7 / patchwerk
View on GitHub
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
☆195Feb 6, 2025Updated last year
Bl4ckM1rror / PEAs
View on GitHub
☆60Dec 15, 2023Updated 2 years ago
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆680Aug 15, 2025Updated 7 months ago
fin3ss3g0d / NativeThreadpool
View on GitHub
Work, timer, and wait callback example using solely Native Windows APIs.
☆88Feb 11, 2024Updated 2 years ago
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆326Apr 12, 2024Updated last year
garrettfoster13 / sccmhunter
View on GitHub
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
☆898Mar 11, 2026Updated last week
itm4n / PPLrevenant
View on GitHub
Bypass LSA protection using the BYODLL technique
☆172Sep 21, 2024Updated last year
cybersectroll / TrollUAC
View on GitHub
☆143May 22, 2024Updated last year
Maldev-Academy / Christmas
View on GitHub
PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
☆259Jan 21, 2024Updated 2 years ago
lap1nou / CLR_Heap_encryption
View on GitHub
☆101Oct 7, 2023Updated 2 years ago