ricardojoserf/w11_shadow_copies external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ricardojoserf/w11_shadow_copies

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ricardojoserf/w11_shadow_copies)

Close

ricardojoserf / w11_shadow_copiesView on GitHubMore

• External links
• Readme badge

Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11

☆84Jan 26, 2026Updated last month

Alternatives and similar repositories for w11_shadow_copies

Users that are interested in w11_shadow_copies are comparing it to the libraries listed below

• Octoberfest7 / ThreadCPUAssignment_POC

  View on GitHub
  A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread
  ☆30Sep 24, 2025Updated 5 months ago
• ghostvectoracademy / DLLHijackHunter

  View on GitHub
  Automated DLL Hijacking Detection Tool with Zero False Positives — Discovers, filters, and canary-confirms exploitable DLL hijacks on Win…
  ☆135Updated this week
• 0xTriboulet / emerald_template

  View on GitHub
  A cmake template for crystal palace
  ☆39Dec 20, 2025Updated 2 months ago
• ricardojoserf / BOF_Files

  View on GitHub
  Repository to gather the BOF files I will be developing
  ☆11Oct 1, 2024Updated last year
• garrettfoster13 / CVE-2025-59501

  View on GitHub
  CVE-2025-59501 POC code
  ☆25Nov 20, 2025Updated 3 months ago
• bohops / COM-to-the-Darkside

  View on GitHub
  Slides and resources from MCTTP 2025 Talk
  ☆66Oct 26, 2025Updated 4 months ago
• ricardojoserf / NativeTokenImpersonate

  View on GitHub
  Impersonate Tokens using only NTAPI functions
  ☆84Apr 4, 2025Updated 11 months ago
• TierZeroSecurity / killerPID-BOF

  View on GitHub
  BOF to terminate a process via PID as argument
  ☆28Sep 7, 2025Updated 6 months ago
• ofasgard / execute-assembly-pico

  View on GitHub
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆128Jan 28, 2026Updated last month
• ricardojoserf / SAMDump

  View on GitHub
  Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#…
  ☆341Feb 2, 2026Updated last month
• Kryp7os / SharpRBCD

  View on GitHub
  An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
  ☆49Mar 10, 2025Updated 11 months ago
• ricardojoserf / SharpObfuscate

  View on GitHub
  Obfuscate payloads using IPv4, IPv6, MAC or UUID strings
  ☆23Feb 17, 2024Updated 2 years ago
• OsandaMalith / CallbackShellcode

  View on GitHub
  Executing Shellcode with ReadDirectoryChanges’s Hidden Callback
  ☆30Oct 13, 2025Updated 4 months ago
• ricardojoserf / AddUser-SAMR

  View on GitHub
  Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Crystal, Python and Rust
  ☆57Jan 27, 2026Updated last month
• Xenov-X / csbot

  View on GitHub
  Golang Automation Framework for Cobalt Strike using the Rest API
  ☆56Dec 4, 2025Updated 3 months ago
• 0xTriboulet / InlineExecuteEx

  View on GitHub
  A BOF that's a BOF Loader and more
  ☆199Jan 17, 2026Updated last month
• mandiant / cleanldap

  View on GitHub
  ☆171Oct 21, 2025Updated 4 months ago
• outflanknl / regcertipy

  View on GitHub
  Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does
  ☆95Jul 3, 2025Updated 8 months ago
• kfallahi / NTLMPasswordChanger

  View on GitHub
  PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.
  ☆72Oct 22, 2025Updated 4 months ago
• logangoins / BadTakeover-BOF

  View on GitHub
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆86Oct 20, 2025Updated 4 months ago
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆63Jan 5, 2026Updated 2 months ago
• leftp / SharpPXE

  View on GitHub
  A C# tool for extracting information from SCCM PXE boot media.
  ☆51Jan 14, 2026Updated last month
• sliverarmory / beignet

  View on GitHub
  MacOS Shared Library to Shellcode Loader
  ☆54Feb 23, 2026Updated 2 weeks ago
• atomiczsec / Adrenaline

  View on GitHub
  Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.
  ☆240Feb 20, 2026Updated 2 weeks ago
• decoder-it / NewMachineAccount

  View on GitHub
  ☆38Feb 26, 2025Updated last year
• incursi0n / ClipboardStealBOF

  View on GitHub
  An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…
  ☆103Jan 9, 2026Updated 2 months ago
• MayerDaniel / the-one-wsl-bof

  View on GitHub
  One WSL BOF to rule them all
  ☆159Jan 14, 2026Updated last month
• ricardojoserf / SharpNado

  View on GitHub
  Repository to gather the .NET malware I will be developing
  ☆18Mar 23, 2025Updated 11 months ago
• MaangoTaachyon / SelfDeletion-Updated

  View on GitHub
  Updated version of a long known self deletion technique to work with 24H2.
  ☆61Jun 9, 2025Updated 9 months ago
• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆56Jan 1, 2026Updated 2 months ago
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆138Aug 25, 2025Updated 6 months ago
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆409Dec 8, 2024Updated last year
• ricardojoserf / NativeNtdllRemap

  View on GitHub
  Remap ntdll.dll using only NTAPI functions with a suspended process
  ☆27Apr 13, 2025Updated 10 months ago
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆66Feb 26, 2025Updated last year
• cirosec / warbird-demos

  View on GitHub
  ☆49Nov 7, 2024Updated last year
• EvilBytecode / NoMoreStealers

  View on GitHub
  NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes.
  ☆97Nov 7, 2025Updated 4 months ago
• 0x3rhy / BypassCredGuard-BOF

  View on GitHub
  BypassCredGuard CS BOF
  ☆51Jan 23, 2025Updated last year
• ShigShag / AMSI-Bypass-via-Page-Guard-Exceptions

  View on GitHub
  Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions
  ☆63Nov 15, 2025Updated 3 months ago
• decoder-it / printerbugnew

  View on GitHub
  The DCERPC only printerbug.py version
  ☆206Oct 30, 2025Updated 4 months ago