padovah4ck/PSByPassCLM

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/padovah4ck/PSByPassCLM)

padovah4ck / PSByPassCLM

Bypass for PowerShell Constrained Language Mode

☆406

Alternatives and similar repositories for PSByPassCLM

Users that are interested in PSByPassCLM are comparing it to the libraries listed below

Sorting:

calebstewart / bypass-clm
View on GitHub
PowerShell Constrained Language Mode Bypass
☆294Jan 31, 2021Updated 5 years ago
Mr-Un1k0d3r / SCShell
View on GitHub
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command
☆1,607Jul 10, 2023Updated 2 years ago
antonioCoco / RunasCs
View on GitHub
RunasCs - Csharp and open version of windows builtin runas.exe
☆1,344Jul 12, 2024Updated last year
S3cur3Th1sSh1t / PowerSharpPack
View on GitHub
☆1,674Apr 14, 2025Updated 10 months ago
Flangvik / NetLoader
View on GitHub
Loads any C# binary in mem, patching AMSI + ETW.
☆839Oct 3, 2021Updated 4 years ago
rvazarkar / GMSAPasswordReader
View on GitHub
☆257Feb 17, 2023Updated 3 years ago
hausec / Bloodhound-Custom-Queries
View on GitHub
Custom Query list for the Bloodhound GUI based off my cheatsheet
☆837Oct 29, 2025Updated 4 months ago
eladshamir / Whisker
View on GitHub
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …
☆932Nov 11, 2024Updated last year
Kevin-Robertson / Powermad
View on GitHub
PowerShell MachineAccountQuota and DNS exploit tools
☆1,438Jan 11, 2023Updated 3 years ago
S3cur3Th1sSh1t / Amsi-Bypass-Powershell
View on GitHub
This repo contains some Amsi Bypass methods i found on different Blog Posts.
☆2,130Nov 28, 2024Updated last year
antonioCoco / RoguePotato
View on GitHub
Another Windows Local Privilege Escalation from Service Account to System
☆1,158Jan 9, 2021Updated 5 years ago
antonioCoco / RogueWinRM
View on GitHub
Windows Local Privilege Escalation from Service Account to System
☆917Feb 23, 2020Updated 6 years ago
dirkjanm / krbrelayx
View on GitHub
Kerberos relaying and unconstrained delegation abuse toolkit
☆1,549Jan 27, 2025Updated last year
mgeeky / cobalt-arsenal
View on GitHub
My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
☆1,097Apr 19, 2023Updated 2 years ago
skahwah / SQLRecon
View on GitHub
A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.
☆783Oct 16, 2025Updated 4 months ago
0xthirteen / SharpMove
View on GitHub
.NET Project for performing Authenticated Remote Execution
☆406Feb 8, 2023Updated 3 years ago
leechristensen / SpoolSample
View on GitHub
PoC tool to coerce Windows hosts authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as w…
☆1,093May 29, 2024Updated last year
tevora-threat / SharpView
View on GitHub
C# implementation of harmj0y's PowerView
☆1,086Mar 22, 2024Updated last year
cube0x0 / SharpSystemTriggers
View on GitHub
Collection of remote authentication triggers in C#
☆524May 15, 2024Updated last year
mgeeky / Stracciatella
View on GitHub
OpSec-safe Powershell runspace from within C# (aka SharpPick) with AMSI, Constrained Language Mode and Script Block Logging disabled at s…
☆537Sep 18, 2022Updated 3 years ago
tothi / rbcd-attack
View on GitHub
Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
☆614Aug 15, 2025Updated 6 months ago
cube0x0 / KrbRelay
View on GitHub
Framework for Kerberos relaying
☆936May 29, 2022Updated 3 years ago
FuzzySecurity / StandIn
View on GitHub
StandIn is a small .NET35/45 AD post-exploitation toolkit
☆839Dec 2, 2023Updated 2 years ago
mdsecactivebreach / SharpShooter
View on GitHub
Payload Generation Framework
☆1,971Aug 21, 2024Updated last year
outflanknl / Dumpert
View on GitHub
LSASS memory dumper using direct system calls and API unhooking.
☆1,576Jan 5, 2021Updated 5 years ago
Aetsu / OffensivePipeline
View on GitHub
OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team…
☆819Oct 27, 2023Updated 2 years ago
RedCursorSecurityConsulting / PPLKiller
View on GitHub
Tool to bypass LSA Protection (aka Protected Process Light)
☆989Dec 4, 2022Updated 3 years ago
itm4n / FullPowers
View on GitHub
Recover the default privilege set of a LOCAL/NETWORK SERVICE account
☆674May 3, 2020Updated 5 years ago
CCob / SweetPotato
View on GitHub
Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
☆1,811Sep 4, 2024Updated last year
Flangvik / BetterSafetyKatz
View on GitHub
Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…
☆879Mar 29, 2021Updated 4 years ago
mandiant / SharPersist
View on GitHub
☆1,531Aug 11, 2023Updated 2 years ago
rvrsh3ll / Rubeus-Rundll32
View on GitHub
Run Rubeus via Rundll32
☆207Apr 25, 2020Updated 5 years ago
NotMedic / NetNTLMtoSilverTicket
View on GitHub
SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket
☆929Jul 26, 2021Updated 4 years ago
med0x2e / NoAmci
View on GitHub
Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
☆219Mar 5, 2020Updated 6 years ago
S3cur3Th1sSh1t / Invoke-SharpLoader
View on GitHub
☆360Apr 24, 2021Updated 4 years ago
decoder-it / powershellveryless
View on GitHub
Constrained Language Mode + AMSI bypass all in one
☆156Jul 29, 2019Updated 6 years ago
samratashok / ADModule
View on GitHub
Microsoft signed ActiveDirectory PowerShell module
☆1,007Oct 3, 2019Updated 6 years ago
matterpreter / OffensiveCSharp
View on GitHub
Collection of Offensive C# Tooling
☆1,469Feb 6, 2023Updated 3 years ago
RythmStick / AMSITrigger
View on GitHub
The Hunt for Malicious Strings
☆1,365May 13, 2025Updated 9 months ago