ricardojoserf/NativeTokenImpersonate

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ricardojoserf/NativeTokenImpersonate)

ricardojoserf / NativeTokenImpersonate

Impersonate Tokens using only NTAPI functions

☆84

Alternatives and similar repositories for NativeTokenImpersonate

Users that are interested in NativeTokenImpersonate are comparing it to the libraries listed below

Sorting:

ricardojoserf / NativeNtdllRemap
View on GitHub
Remap ntdll.dll using only NTAPI functions with a suspended process
☆27Apr 13, 2025Updated 10 months ago
rasta-mouse / LibGate
View on GitHub
A Crystal Palace shared library to resolve & perform syscalls
☆57Oct 29, 2025Updated 4 months ago
nettitude / TokenCert
View on GitHub
TokenCert
☆102Nov 15, 2024Updated last year
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆137Apr 18, 2025Updated 10 months ago
Friends-Security / RedirectThread
View on GitHub
Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
☆199Jun 17, 2025Updated 8 months ago
Allevon412 / SyscallTempering
View on GitHub
☆31Jul 26, 2024Updated last year
klezVirus / RAIWhateverTrigger
View on GitHub
Local SYSTEM auth trigger for relaying - X
☆155Jul 23, 2025Updated 7 months ago
ricardojoserf / BOF_Files
View on GitHub
Repository to gather the BOF files I will be developing
☆11Oct 1, 2024Updated last year
scrt / KexecDDPlus
View on GitHub
Exploiting the KsecDD Windows driver through Server Silos
☆77Nov 11, 2024Updated last year
logangoins / Stifle
View on GitHub
.NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
☆150Feb 10, 2025Updated last year
ColeHouston / theHandler-BOF
View on GitHub
Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
☆38Aug 5, 2025Updated 7 months ago
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆186Jan 17, 2026Updated last month
TierZeroSecurity / killerPID-BOF
View on GitHub
BOF to terminate a process via PID as argument
☆28Sep 7, 2025Updated 5 months ago
EspressoCake / ADIDNS_Parser
View on GitHub
Parser and reconciliation tooling for large Active Directory environments.
☆33Feb 18, 2025Updated last year
scrt / PowerChell
View on GitHub
A PowerShell console in C/C++ with all the security features disabled
☆364Oct 14, 2025Updated 4 months ago
xpn / adfstoolkit
View on GitHub
☆38Jan 7, 2025Updated last year
NtDallas / Draugr
View on GitHub
BOF with Synthetic Stackframe
☆230Oct 30, 2025Updated 4 months ago
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆237Nov 7, 2024Updated last year
deepinstinct / DCOMUploadExec
View on GitHub
DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
☆382Dec 13, 2024Updated last year
T3nb3w / ComDotNetExploit
View on GitHub
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
☆334Mar 6, 2025Updated 11 months ago
CodeXTF2 / WebcamBOF
View on GitHub
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
☆158Mar 26, 2025Updated 11 months ago
ToweringDragoon / SACL_Scanner
View on GitHub
SACL Scanner is a tool designed to scan and analyze SACLs.
☆51Feb 13, 2025Updated last year
kleiton0x00 / RtlHijack
View on GitHub
Alternative Read and Write primitives using Rtl* functions the unintended way.
☆79Aug 25, 2025Updated 6 months ago
tdeerenberg / InlineWhispers3
View on GitHub
Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
☆102Jul 9, 2025Updated 7 months ago
ZephrFish / QoL-BOFs
View on GitHub
Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
☆137Dec 7, 2025Updated 2 months ago
grayhatkiller / SharpExShell
View on GitHub
SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
☆75May 1, 2024Updated last year
ricardojoserf / NativeBypassCredGuard
View on GitHub
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
☆266Apr 8, 2025Updated 10 months ago
paranoidninja / BRC4-BOF-Artillery
View on GitHub
☆146Nov 6, 2025Updated 3 months ago
boku7 / patchwerk
View on GitHub
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
☆195Feb 6, 2025Updated last year
ipSlav / DirtyCLR
View on GitHub
An App Domain Manager Injection DLL PoC on steroids
☆212Dec 14, 2023Updated 2 years ago
CCob / DRSAT
View on GitHub
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
☆275Dec 27, 2024Updated last year
Kryp7os / SharpRBCD
View on GitHub
An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
☆49Mar 10, 2025Updated 11 months ago
NetSPI / BOF-PE
View on GitHub
An example reference design for a proposed BOF PE
☆200Jan 23, 2026Updated last month
0xflux / Vectored-Exception-Handling-Squared
View on GitHub
Vectored Exception Handling Squared
☆29Dec 27, 2025Updated 2 months ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆368Apr 19, 2023Updated 2 years ago
rad9800 / FileRenameJunctionsEDRDisable
View on GitHub
☆159Dec 13, 2024Updated last year
decoder-it / KrbRelay-SMBServer
View on GitHub
☆234Oct 8, 2024Updated last year
vxCrypt0r / AMSI_VEH
View on GitHub
A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
☆169May 30, 2024Updated last year
NtDallas / Svartalfheim
View on GitHub
Stage 0
☆169Dec 18, 2024Updated last year