SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers
☆132Nov 10, 2023Updated 2 years ago
Alternatives and similar repositories for SCOMDecrypt
Users that are interested in SCOMDecrypt are comparing it to the libraries listed below
Sorting:
- Dump Citrix Secure Access auth cookie from the process memory☆76Jun 24, 2022Updated 3 years ago
- A BOF to determine Windows Defender exclusions.☆253Jun 25, 2023Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258May 10, 2023Updated 2 years ago
- ☆92Aug 23, 2021Updated 4 years ago
- AAD related enumeration in Nim☆132Sep 7, 2023Updated 2 years ago
- Infect Shared Files In Memory for Lateral Movement☆193Dec 14, 2022Updated 3 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆301Oct 26, 2022Updated 3 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API☆87Mar 22, 2023Updated 2 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆160Mar 1, 2024Updated 2 years ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆78Feb 8, 2023Updated 3 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS☆187Jun 22, 2022Updated 3 years ago
- Beacon Object File PoC implementation of KillDefender☆236Apr 12, 2022Updated 3 years ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆483Oct 14, 2022Updated 3 years ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- ☆164Dec 30, 2022Updated 3 years ago
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM☆20Jul 19, 2025Updated 7 months ago
- ☆408Feb 10, 2026Updated 2 weeks ago
- A C# utility for interacting with SCCM☆682Aug 20, 2025Updated 6 months ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆144Feb 23, 2022Updated 4 years ago
- DynamicSyscalls is a library written in .net resolves the syscalls dynamically (Has nothing to do with hooking/unhooking)☆66Nov 13, 2022Updated 3 years ago
- Python module for running BOFs☆79Nov 28, 2025Updated 3 months ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆130Jan 14, 2023Updated 3 years ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain☆374Sep 20, 2025Updated 5 months ago
- ☆105Jul 31, 2024Updated last year
- Recovering NTLM hashes from Credential Guard☆378Dec 26, 2022Updated 3 years ago
- Coerce Windows machines auth via MS-EVEN☆172Jan 17, 2024Updated 2 years ago
- Citrix Phishlet☆24Feb 2, 2021Updated 5 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆186Dec 5, 2022Updated 3 years ago
- PXEThief is a set of tooling that can extract passwords from the Operating System Deployment functionality in Microsoft Endpoint Configur…☆413May 29, 2024Updated last year
- ☆246Dec 16, 2022Updated 3 years ago
- WhoAmI by asking the LDAP service on a domain controller.☆64Feb 8, 2022Updated 4 years ago
- ☆413Dec 14, 2023Updated 2 years ago
- C# version of Powermad☆170Dec 5, 2023Updated 2 years ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads☆385Apr 16, 2022Updated 3 years ago
- Find world writable directories that contain a .exe or .dll file☆13Aug 31, 2021Updated 4 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆244Jul 14, 2021Updated 4 years ago