sec-consult/msiscan

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sec-consult/msiscan)

sec-consult / msiscan

Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers

☆126

Alternatives and similar repositories for msiscan

Users that are interested in msiscan are comparing it to the libraries listed below

Sorting:

deh00ni / NtDumpBOF
View on GitHub
☆100Sep 1, 2024Updated last year
REDMED-X / InjectKit
View on GitHub
Modified versions of the Cobalt Strike Process Injection Kit
☆106Jan 24, 2024Updated 2 years ago
decoder-it / KrbRelay-SMBServer
View on GitHub
☆234Oct 8, 2024Updated last year
CICADA8-Research / RemoteKrbRelay
View on GitHub
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
☆637May 8, 2025Updated 9 months ago
Offensive-Panda / LsassReflectDumping
View on GitHub
This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
☆215Oct 19, 2024Updated last year
OOAFA / squeegee
View on GitHub
A collection of tools using OCR to extract potential usernames from RDP screenshots.
☆30Apr 15, 2024Updated last year
Mayyhem / Maestro
View on GitHub
Abusing Azure services over C2
☆367Jan 20, 2026Updated last month
BlackSnufkin / NyxInvoke
View on GitHub
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
☆232Feb 12, 2025Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
synacktiv / captaincredz
View on GitHub
CaptainCredz is a modular and discreet password-spraying tool.
☆134Jul 22, 2025Updated 7 months ago
WKL-Sec / LayeredSyscall
View on GitHub
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
☆298Jul 31, 2024Updated last year
nbaertsch / AutoAppDomainHijack
View on GitHub
Automated .NET AppDomain hijack payload generation
☆129Feb 4, 2025Updated last year
Octoberfest7 / enumhandles_BOF
View on GitHub
☆126Sep 1, 2024Updated last year
Friends-Security / SharpExclusionFinder
View on GitHub
Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …
☆230Oct 6, 2024Updated last year
xpn / CloudInject
View on GitHub
☆121Nov 21, 2024Updated last year
mlcsec / EDRenum-BOF
View on GitHub
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
☆128Oct 4, 2024Updated last year
joe-desimone / rep-research
View on GitHub
☆79Aug 5, 2024Updated last year
WKL-Sec / dcomhijack
View on GitHub
Lateral Movement Using DCOM and DLL Hijacking
☆325Jun 18, 2023Updated 2 years ago
ibaiC / FriendlyFireBOF
View on GitHub
A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
☆57Apr 14, 2025Updated 10 months ago
klezVirus / koppeling-p
View on GitHub
Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
☆79Aug 5, 2024Updated last year
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆244Jul 2, 2024Updated last year
KingOfTheNOPs / Get-NetNTLM
View on GitHub
Internal Monologue BOF
☆79Dec 28, 2024Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆681Oct 23, 2024Updated last year
synacktiv / SCCMSecrets
View on GitHub
SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.
☆261Nov 22, 2025Updated 3 months ago
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆268Dec 13, 2024Updated last year
Slowerzs / PPLSystem
View on GitHub
☆201May 29, 2024Updated last year
mr-r3bot / bof-modules
View on GitHub
BOF for C2 framework
☆44Nov 9, 2024Updated last year
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
Octoberfest7 / Enumprotections_BOF
View on GitHub
A BOF to enumerate system process, their protection levels, and more.
☆125Nov 27, 2024Updated last year
zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆345Nov 19, 2024Updated last year
0xsp-SRD / MDE_Enum
View on GitHub
comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
☆211Jun 10, 2024Updated last year
xforcered / ForsHops
View on GitHub
ForsHops
☆152Mar 25, 2025Updated 11 months ago
ZephrFish / QoL-BOFs
View on GitHub
Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
☆137Dec 7, 2025Updated 2 months ago
SpecterOps / cred1py
View on GitHub
A Python POC for CRED1 over SOCKS5
☆165Oct 5, 2024Updated last year
ibaiC / SafeHarbor-BOF
View on GitHub
Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…
☆76Oct 27, 2025Updated 4 months ago
MayerDaniel / profiler-lateral-movement
View on GitHub
Lateral Movement via the .NET Profiler
☆100Nov 21, 2024Updated last year
CCob / DRSAT
View on GitHub
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
☆275Dec 27, 2024Updated last year
rasta-mouse / Crystal-Loaders
View on GitHub
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
☆185Oct 29, 2025Updated 4 months ago
mlcsec / SigFinder
View on GitHub
Identify binaries with Authenticode digital signatures signed to an internal CA/domain
☆40Feb 6, 2024Updated 2 years ago