Alternatives and similar repositories for BHCEupload

Users that are interested in BHCEupload are comparing it to the libraries listed below

• codyburkard / azol

  View on GitHub
  Azure Offensive Library
  ☆17Oct 18, 2025Updated 3 months ago
• CodeXTF2 / cobaltstrike-sleepmask-yara

  View on GitHub
  Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…
  ☆16Jun 4, 2025Updated 8 months ago
• slygoo / pssrecon

  View on GitHub
  ☆40Oct 8, 2024Updated last year
• SolomonSklash / RubeusToCcache

  View on GitHub
  A small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache files for Impacket
  ☆73May 18, 2020Updated 5 years ago
• HaydoW / NerfDefender

  View on GitHub
  BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
  ☆24Jul 5, 2023Updated 2 years ago
• emiliensocchi / azurehound-queries

  View on GitHub
  🌩️ Collection of BloodHound queries for Azure
  ☆82Jan 7, 2025Updated last year
• ustayready / ShredHound

  View on GitHub
  Small utility to chunk up a large BloodHound JSON file into smaller files for importing.
  ☆98Apr 13, 2023Updated 2 years ago
• EspressoCake / DLL_Version_Enumeration_BOF

  View on GitHub
  A BOF for enumerating version information for DLLs associated for a Beacon process.
  ☆16Nov 23, 2021Updated 4 years ago
• TierZeroSecurity / killerPID-BOF

  View on GitHub
  BOF to terminate a process via PID as argument
  ☆28Sep 7, 2025Updated 5 months ago
• shelltrail / cmloot

  View on GitHub
  ☆79Sep 8, 2025Updated 5 months ago
• NocteDefensor / ludus_tailscale

  View on GitHub
  Ansible Role for Ludus to provision or remove a device to/from a Tailnet.
  ☆13Dec 5, 2025Updated 2 months ago
• fastlorenzo / redelk-kibana-app

  View on GitHub
  Kibana app for RedELK
  ☆18Mar 19, 2023Updated 2 years ago
• BloodHoundAD / TierZeroTable

  View on GitHub
  Table of AD and Azure assets and whether they belong to Tier Zero
  ☆26Sep 12, 2023Updated 2 years ago
• badsectorlabs / sccm-http-looter

  View on GitHub
  Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)
  ☆206Sep 30, 2024Updated last year
• EspressoCake / Defender-Exclusions-Creator-BOF

  View on GitHub
  ☆83Nov 1, 2023Updated 2 years ago
• OG-Sadpanda / SharpCat

  View on GitHub
  C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly
  ☆15Jul 15, 2021Updated 4 years ago
• tothi / serviceDetector

  View on GitHub
  Detect whether a service is installed (blindly) and/or running (if exposing named pipes) on a remote machine without using local admin pr…
  ☆239Sep 3, 2023Updated 2 years ago
• EspressoCake / BOF_Development_Docker

  View on GitHub
  A VSCode devcontainer for development of COFF files with batteries included.
  ☆50Jul 10, 2023Updated 2 years ago
• JamesCooteUK / BOFs

  View on GitHub
  Collection of BOFs for Cobalt Strike
  ☆33Mar 28, 2023Updated 2 years ago
• CompassSecurity / TokenPhisher

  View on GitHub
  ☆26Feb 11, 2025Updated last year
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆29Dec 27, 2025Updated last month
• iamagarre / BadExclusions

  View on GitHub
  BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR
  ☆20Feb 8, 2024Updated 2 years ago
• lutzenfried / Delegate

  View on GitHub
  Tool to perform GCP Domain Wide Delegation abuse and access Gmail and Drive data
  ☆72Oct 22, 2025Updated 3 months ago
• olafhartong / DefenderHarvester

  View on GitHub
  Expose a lot of MDE telemetry that is not easily accessible in any searchable form
  ☆116Aug 19, 2025Updated 5 months ago
• fastlorenzo / redelk-ansible

  View on GitHub
  Ansible roles to deploy RedELK
  ☆23Feb 15, 2023Updated 3 years ago
• ToweringDragoon / SACL_Scanner

  View on GitHub
  SACL Scanner is a tool designed to scan and analyze SACLs.
  ☆50Feb 13, 2025Updated last year
• Flangvik / SharpAppLocker

  View on GitHub
  C# port of the Get-AppLockerPolicy PS cmdlet
  ☆100Dec 8, 2022Updated 3 years ago
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆164Oct 5, 2024Updated last year
• Malcrove / SeamlessPass

  View on GitHub
  A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
  ☆232Aug 25, 2024Updated last year
• dirkjanm / roadtools_hybrid

  View on GitHub
  Hybrid AD utilities for ROADtools
  ☆106May 25, 2025Updated 8 months ago
• Adepts-Of-0xCC / SnoopyOwl

  View on GitHub
  ☆48May 12, 2021Updated 4 years ago
• jnqpblc / SharpSvc

  View on GitHub
  SharpSvc is a simple code set to interact with the SC Manager API and is compatible with Cobalt Strike.
  ☆26Aug 8, 2023Updated 2 years ago
• SecurityRiskAdvisors / letItGo

  View on GitHub
  Enumerate and check domains for Azure tenants
  ☆60Feb 1, 2022Updated 4 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• Kudaes / Split

  View on GitHub
  Apply a divide and conquer approach to bypass EDRs
  ☆287Oct 19, 2023Updated 2 years ago
• LaresLLC / SlinkyCat

  View on GitHub
  Slinky Cat attempts to give users an easy-to-navigate menu offering predefined Active Directory Service Interfaces (ADSI) and .NET querie…
  ☆80Jul 12, 2023Updated 2 years ago
• snovvcrash / RemoteRegSave

  View on GitHub
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Dec 8, 2023Updated 2 years ago
• FlyingPhish / ROADTools-Analyser

  View on GitHub
  This python script performs a number of sqlite queries (mainly password metadata) against sqlite databases (Created by ROADtools) to prov…
  ☆22Jul 3, 2024Updated last year
• techspence / BadShares

  View on GitHub
  A tool to create randomly insecure file shares that also contain unsecured credential files
  ☆48Apr 30, 2024Updated last year