Alternatives and similar repositories for LogonCredentialsSteal

Users that are interested in LogonCredentialsSteal are comparing it to the libraries listed below

• aaaddress1 / sakeInject

  View on GitHub
  Windows PE - TLS (Thread Local Storage) Injector in C/C++
  ☆107Jan 3, 2021Updated 5 years ago
• m4ul3r / malware

  View on GitHub
  malware written for educational purposes
  ☆71Dec 31, 2025Updated last month
• wh0amitz / KRBUACBypass

  View on GitHub
  UAC Bypass By Abusing Kerberos Tickets
  ☆508Aug 10, 2023Updated 2 years ago
• pkb1s / SharpRelay

  View on GitHub
  ☆180Feb 3, 2021Updated 5 years ago
• ipSlav / DirtyCLR

  View on GitHub
  An App Domain Manager Injection DLL PoC on steroids
  ☆210Dec 14, 2023Updated 2 years ago
• zimnyaa / grpcssh

  View on GitHub
  A simple reverse ssh/proxy implant PoC for *nix systems.
  ☆57Jul 5, 2024Updated last year
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆222Dec 3, 2025Updated 2 months ago
• icyguider / LatLoader

  View on GitHub
  PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  ☆307Dec 9, 2023Updated 2 years ago
• BambiZombie / ThreadlessSpawn

  View on GitHub
  A Simple PoC
  ☆22May 24, 2024Updated last year
• vysecurity / OffensiveLAM

  View on GitHub
  A Large Action Model designed to operate on MacOS or Windows which interacts with common C2 interfaces such as Cobalt Strike, Havoc, or B…
  ☆26Feb 29, 2024Updated last year
• rkbennett / icmpsh

  View on GitHub
  Simple reverse ICMP shell
  ☆14Apr 30, 2024Updated last year
• delivr-to / MailCollector

  View on GitHub
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Jul 19, 2025Updated 6 months ago
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆469Mar 8, 2023Updated 2 years ago
• LloydLabs / process-enumeration-stealth

  View on GitHub
  ☆83Aug 26, 2024Updated last year
• michaelweber / CSharpSourceObfuscator

  View on GitHub
  A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.
  ☆99Mar 25, 2025Updated 10 months ago
• outflanknl / SharpHide

  View on GitHub
  Tool to create hidden registry keys.
  ☆491Oct 23, 2019Updated 6 years ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• lexfo / rpc2socks

  View on GitHub
  Post-exploit tool that enables a SOCKS tunnel via a Windows host using an extensible custom RPC proto over SMB through a named pipe.
  ☆191Mar 4, 2021Updated 4 years ago
• 200ug / airborne

  View on GitHub
  Shellcode reflective DLL injection in Rust
  ☆27Dec 26, 2025Updated last month
• 0xthirteen / SharpMove

  View on GitHub
  .NET Project for performing Authenticated Remote Execution
  ☆406Feb 8, 2023Updated 3 years ago
• naksyn / Embedder

  View on GitHub
  Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
  ☆123May 29, 2024Updated last year
• Xre0uS / MultiDump

  View on GitHub
  MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.
  ☆537Nov 14, 2025Updated 2 months ago
• ionescu007 / faxhell

  View on GitHub
  A Bind Shell Using the Fax Service and a DLL Hijack
  ☆331May 3, 2020Updated 5 years ago
• checkymander / sshiva

  View on GitHub
  C# application that allows you to quick run SSH commands against a host or list of hosts
  ☆42Sep 21, 2020Updated 5 years ago
• farfella / in-memory-cpython

  View on GitHub
  An In-memory Embedding of CPython
  ☆31May 24, 2021Updated 4 years ago
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆231Feb 12, 2025Updated last year
• Mr-Un1k0d3r / SCShell

  View on GitHub
  Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
  ☆1,594Jul 10, 2023Updated 2 years ago
• praetorian-inc / PortBender

  View on GitHub
  TCP Port Redirection Utility
  ☆760Jan 31, 2023Updated 3 years ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆609Jan 2, 2025Updated last year
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• octopwn / wsnet-dotnet

  View on GitHub
  ☆12Jan 7, 2025Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• FSecureLABS / SharpClipHistory

  View on GitHub
  SharpClipHistory is a .NET application written in C# that can be used to read the contents of a user's clipboard history in Windows 10 st…
  ☆200Jan 23, 2020Updated 6 years ago
• med0x2e / ExecuteAssembly

  View on GitHub
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆595Jul 26, 2021Updated 4 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆321Jul 2, 2023Updated 2 years ago
• Ridter / atexec-pro

  View on GitHub
  Fileless atexec, no more need for port 445
  ☆404Mar 28, 2024Updated last year
• praetorian-inc / goffloader

  View on GitHub
  A Go implementation of Cobalt Strike style BOF/COFF loaders.
  ☆265Feb 22, 2025Updated 11 months ago
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year