sensepost / impersonate
A windows token impersonation tool
☆296Updated last year
Alternatives and similar repositories for impersonate:
Users that are interested in impersonate are comparing it to the libraries listed below
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆319Updated 2 years ago
- ☆375Updated 2 years ago
- This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR …☆257Updated 2 years ago
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆578Updated 3 months ago
- Recovering NTLM hashes from Credential Guard☆334Updated 2 years ago
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆322Updated last year
- DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …☆540Updated last year
- DPAPI looting remotely and locally in Python☆448Updated last month
- Bypass AMSI by patching AmsiScanBuffer☆259Updated 3 years ago
- A new AMSI Bypass technique using .NET ALI Call Hooking.☆187Updated 2 years ago
- Dump the memory of any PPL with a Userland exploit chain☆333Updated 2 years ago
- ☆376Updated 6 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆438Updated last month
- An in-depth approach to obfuscating the individual components of a PowerShell payload whether you're on Windows or Kali Linux.☆267Updated 2 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆452Updated 8 months ago
- A User Impersonation tool - via Token or Shellcode injection☆412Updated 2 years ago
- Payload Loader With Evasion Features☆315Updated 2 years ago
- Extracting NetNTLM without touching lsass.exe☆235Updated last year
- Collection of remote authentication triggers in C#☆477Updated 10 months ago
- Patching AmsiOpenSession by forcing an error branching☆145Updated last year
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆286Updated 10 months ago
- Kill AV/EDR leveraging BYOVD attack☆344Updated last year
- Modules used by the Havoc Framework☆228Updated 9 months ago
- Creating a repository with all public Beacon Object Files (BoFs)☆468Updated last year
- XLL Phishing Tradecraft☆412Updated 2 years ago
- COM Hijacking VOODOO☆271Updated 3 weeks ago
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8☆349Updated 7 months ago
- Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists☆423Updated last year
- Amsi Bypass payload that works on Windwos 11☆375Updated last year
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆324Updated 8 months ago