toneillcodes/PowerDPAPI

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/toneillcodes/PowerDPAPI)

toneillcodes / PowerDPAPI

Offensive toolkit and BloodHound graph creator for DPAPI blobs and master key files

☆14

Alternatives and similar repositories for PowerDPAPI

Users that are interested in PowerDPAPI are comparing it to the libraries listed below

Sorting:

dfirdeferred / Create-Vulnerable-ADDS
View on GitHub
Installs ADDS and configures a vulnerable domain via a powershell script
☆12Jul 13, 2023Updated 2 years ago
mochabyte0x / TrampoLatte
View on GitHub
A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
☆18Jun 26, 2025Updated 8 months ago
phishingclub / session-sushi
View on GitHub
Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions.
☆23Feb 26, 2026Updated last week
oliveirt / cActiveDirectorySecurity
View on GitHub
The cActiveDirectorySecurity module contains PowerShell Functions which are designed to report on and manipulate Access Control Lists on …
☆11Aug 31, 2018Updated 7 years ago
Fudgedotdotdot / nimpersonate
View on GitHub
Impersonate Windows tokens in Nim
☆23Aug 4, 2025Updated 7 months ago
jakehildreth / PSCertutil
View on GitHub
A PowerShell wrapper for certutil.exe
☆20Feb 21, 2026Updated last week
TheManticoreProject / SIDTool
View on GitHub
A cross-platform tool to work with Security Identifiers (SID) formats.
☆15Jun 21, 2025Updated 8 months ago
Croko-fr / ludus-templates
View on GitHub
Repository for Ludus french templates
☆21Updated this week
dobin / ttpExtractor
View on GitHub
Extract the Procedures (TTP) from CTI reports
☆17Dec 13, 2025Updated 2 months ago
0xHossam / InviGuard
View on GitHub
Basic network sec tool for real-time threat detection and C2 communication prevention. Features 70+ detection modules, IOC integration, c…
☆17Jun 11, 2024Updated last year
RantaSec / golinhound
View on GitHub
A BloodHound collector written in Go that discovers Linux and SSH attack paths. Outputs OpenGraph JSON and integrates with existing Sharp…
☆38Feb 27, 2026Updated last week
FatRodzianko / Get-Writable
View on GitHub
Find world writable directories that contain a .exe or .dll file
☆13Aug 31, 2021Updated 4 years ago
Teach2Breach / nt_unhooker
View on GitHub
demo unhooking functions in ntdll
☆28Jul 15, 2025Updated 7 months ago
0xe7 / EventSniper
View on GitHub
☆20Nov 6, 2023Updated 2 years ago
atomicchonk / ctrlaltrange
View on GitHub
AI-based Ludus range configuration builder
☆29May 6, 2025Updated 10 months ago
rkbennett / od_import
View on GitHub
☆26Dec 21, 2025Updated 2 months ago
soulemike / ad-awesome
View on GitHub
Microsoft Active Directory (AD) Awesome List
☆26Feb 27, 2025Updated last year
HackingLZ / saas_enum
View on GitHub
Command-line tool for discovering SaaS platforms a company uses via DNS enumeration
☆38Jul 23, 2025Updated 7 months ago
WildByDesign / win32-appcontainer-tools
View on GitHub
AppContainer tools for launching sandboxed win32 apps, changing ACL permissions and learning from ETW traces.
☆31May 4, 2025Updated 10 months ago
dmcxblue / Claude-C2
View on GitHub
Utilizng an MCP Server to communicate with your C2
☆86May 15, 2025Updated 9 months ago
HarshVaragiya / aws-redteam-kit
View on GitHub
A PoC to Simulate Ransomware Attack on AWS Environment
☆33Oct 14, 2024Updated last year
patrickt2017 / VEHNetLoader
View on GitHub
Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
☆50Jul 6, 2025Updated 8 months ago
Trimarc / Locksmith
View on GitHub
A tiny tool to identify and remediate common misconfigurations in Active Directory Certificate Services
☆27May 28, 2025Updated 9 months ago
Sh3lldon / HellsVectoredGate
View on GitHub
☆54Oct 13, 2025Updated 4 months ago
p0dalirius / bhopengraph
View on GitHub
A python library to create BloodHound OpenGraphs
☆53Feb 4, 2026Updated last month
bilals12 / clusterfuck
View on GitHub
☆42Nov 13, 2025Updated 3 months ago
dmcxblue / WSL-Payloads
View on GitHub
A small How-To on creating your own weaponized WSL file
☆122Jul 23, 2025Updated 7 months ago
nyxgeek / autodiscover_enum
View on GitHub
time-based user enum via Basic Auth in Azure against Autodiscover
☆34Oct 3, 2024Updated last year
olafhartong / ETWLocksmith
View on GitHub
A powerful Windows command-line tool for analyzing and searching ETW (Event Tracing for Windows) provider permissions from the Windows re…
☆62Jul 29, 2025Updated 7 months ago
EspressoCake / ADIDNS_Parser
View on GitHub
Parser and reconciliation tooling for large Active Directory environments.
☆33Feb 18, 2025Updated last year
dobin / avred-server
View on GitHub
The AMSI server for Avred
☆33Sep 15, 2023Updated 2 years ago
spyr0-sec / AutomatedBadLab
View on GitHub
PowerShell scripts to create sandboxed or vulnerable environments using HyperV and AutomatedLab
☆93Jul 22, 2025Updated 7 months ago
smokeme / ansible-havoc
View on GitHub
Scripts I use to deploy Havoc on Linode and setup categorization and SSL
☆41May 31, 2024Updated last year
quahac / Azure-AD-Password-Checker
View on GitHub
Azure AD Password Checker
☆86Jan 17, 2025Updated last year
CCob / ProvisionAppx
View on GitHub
☆39Oct 12, 2022Updated 3 years ago
nromsdahl / squarephish2
View on GitHub
OAuth Device Code Phishing Toolkit
☆112Feb 6, 2026Updated last month
Pantheon-Security / notebooklm-mcp-secure
View on GitHub
Secure NotebookLM MCP Server - Query Google NotebookLM from Claude/AI agents with 14 security hardening layers
☆33Feb 25, 2026Updated last week
andreisss / Living-off-the-COM-Type-Coercion-Abuse
View on GitHub
This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…
☆52May 16, 2025Updated 9 months ago
strozfriedberg / DNSForge
View on GitHub
☆14Dec 11, 2025Updated 2 months ago