ricardojoserf / w11_shadow_copies
Manage Shadow Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11
☆81 · Jan 26, 2026 · Updated 3 weeks ago
Alternatives and similar repositories for w11_shadow_copies
Users that are interested in w11_shadow_copies are comparing it to the libraries listed below
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high priority thread ☆30 · Sep 24, 2025 · Updated 4 months ago
- CVE-2025-59501 POC code ☆25 · Nov 20, 2025 · Updated 2 months ago
- Repository to gather the BOF files I will be developing ☆11 · Oct 1, 2024 · Updated last year
- A cmake template for crystal palace ☆38 · Dec 20, 2025 · Updated last month
- Slides and resources from MCTTP 2025 Talk ☆66 · Oct 26, 2025 · Updated 3 months ago
- Impersonate Tokens using only NTAPI functions ☆83 · Apr 4, 2025 · Updated 10 months ago
- Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation ☆336 · Feb 2, 2026 · Updated 2 weeks ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory. ☆128 · Jan 28, 2026 · Updated 2 weeks ago
- BOF to terminate a process via PID as argument ☆28 · Sep 7, 2025 · Updated 5 months ago
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD ☆49 · Mar 10, 2025 · Updated 11 months ago
- ☆164 · Oct 21, 2025 · Updated 3 months ago
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback ☆29 · Oct 13, 2025 · Updated 4 months ago
- Obfuscate payloads using IPv4, IPv6, MAC or UUID strings ☆23 · Feb 17, 2024 · Updated last year
- Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Python, Rust and Crystal ☆52 · Jan 27, 2026 · Updated 2 weeks ago
- Golang Automation Framework for Cobalt Strike using the Rest API ☆55 · Dec 4, 2025 · Updated 2 months ago
- A BOF that's a BOF Loader and more ☆196 · Jan 17, 2026 · Updated 3 weeks ago
- A C# tool for extracting information from SCCM PXE boot media. ☆45 · Jan 14, 2026 · Updated last month
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does ☆94 · Jul 3, 2025 · Updated 7 months ago
- PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll. ☆72 · Oct 22, 2025 · Updated 3 months ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover ☆85 · Oct 20, 2025 · Updated 3 months ago
- Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing. ☆234 · Feb 9, 2026 · Updated last week
- Cobalt Strike UDC2 implementation that provides a Slack C2 channel ☆60 · Jan 5, 2026 · Updated last month
- ☆38 · Feb 26, 2025 · Updated 11 months ago
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor… ☆102 · Jan 9, 2026 · Updated last month
- A portable C# utility for enumerating local and remote windows sessions ☆54 · Jan 1, 2026 · Updated last month
- Repository to gather the .NET malware I will be developing ☆18 · Mar 23, 2025 · Updated 10 months ago
- Updated version of a long known self deletion technique to work with 24H2. ☆61 · Jun 9, 2025 · Updated 8 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag ☆139 · Aug 25, 2025 · Updated 5 months ago
- Linux Shared Library to Shellcode Loader ☆59 · Feb 7, 2026 · Updated last week
- Remap ntdll.dll using only NTAPI functions with a suspended process ☆27 · Apr 13, 2025 · Updated 10 months ago
- Shellcode Loader Utilizing ETW Events ☆67 · Feb 26, 2025 · Updated 11 months ago
- NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. ☆94 · Nov 7, 2025 · Updated 3 months ago
- ☆44 · Nov 7, 2024 · Updated last year
- The DCERPC only printerbug.py version ☆201 · Oct 30, 2025 · Updated 3 months ago
- BypassCredGuard CS BOF ☆49 · Jan 23, 2025 · Updated last year
- Tool to obtain hash using MS-SNTP for user accounts ☆28 · Jan 22, 2025 · Updated last year
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions ☆63 · Nov 15, 2025 · Updated 3 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆63 · Mar 19, 2024 · Updated last year
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆161 · Aug 30, 2025 · Updated 5 months ago