trustedsec/specula

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/trustedsec/specula)

trustedsec / specula

☆231

Alternatives and similar repositories for specula

Users that are interested in specula are comparing it to the libraries listed below

Sorting:

zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆346Nov 19, 2024Updated last year
Mayyhem / Maestro
View on GitHub
Abusing Azure services over C2
☆368Jan 20, 2026Updated last month
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
wavvs / nanorobeus
View on GitHub
COFF file (BOF) for managing Kerberos tickets.
☆320Jul 2, 2023Updated 2 years ago
FalconForceTeam / SOAPHound
View on GitHub
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
☆862Feb 3, 2024Updated 2 years ago
decoder-it / KrbRelay-SMBServer
View on GitHub
☆235Oct 8, 2024Updated last year
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆675Aug 15, 2025Updated 6 months ago
trustedsec / The_Shelf
View on GitHub
Retired TrustedSec Capabilities
☆248Jan 5, 2026Updated last month
grimlockx / ADCSKiller
View on GitHub
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
☆738May 19, 2023Updated 2 years ago
CICADA8-Research / RemoteKrbRelay
View on GitHub
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
☆638May 8, 2025Updated 9 months ago
lap1nou / CLR_Heap_encryption
View on GitHub
☆101Oct 7, 2023Updated 2 years ago
trustedsec / CS_COFFLoader
View on GitHub
☆130Dec 4, 2023Updated 2 years ago
T3nb3w / ComDotNetExploit
View on GitHub
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
☆334Mar 6, 2025Updated 11 months ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆681Oct 23, 2024Updated last year
Flangvik / TeamFiltration
View on GitHub
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts
☆1,369Oct 22, 2025Updated 4 months ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆368Apr 19, 2023Updated 2 years ago
CCob / DRSAT
View on GitHub
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
☆275Dec 27, 2024Updated last year
RedSiege / GraphStrike
View on GitHub
Cobalt Strike HTTPS beaconing over Microsoft Graph API
☆622Jun 25, 2024Updated last year
garrettfoster13 / sccmhunter
View on GitHub
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…
☆892Feb 18, 2026Updated last week
RalfHacker / Kerbeus-BOF
View on GitHub
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
☆546Nov 23, 2025Updated 3 months ago
xpn / WAMBam
View on GitHub
Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
☆130Jan 14, 2023Updated 3 years ago
trustedsec / CS-Remote-OPs-BOF
View on GitHub
Remote operations commands implemented using Beacon Object Files
☆1,120Updated this week
Octoberfest7 / DropSpawn_BOF
View on GitHub
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
☆285Jun 8, 2023Updated 2 years ago
ipSlav / DirtyCLR
View on GitHub
An App Domain Manager Injection DLL PoC on steroids
☆212Dec 14, 2023Updated 2 years ago
rtecCyberSec / BitlockMove
View on GitHub
Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
☆436Jun 27, 2025Updated 8 months ago
sevagas / Advanced_Initial_access_in_2024_OffensiveX
View on GitHub
Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"
☆146Aug 15, 2024Updated last year
naksyn / Pyramid
View on GitHub
a tool to help operate in EDRs' blind spots
☆767Dec 2, 2024Updated last year
mlcsec / EDRenum-BOF
View on GitHub
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
☆128Oct 4, 2024Updated last year
Flangvik / QRucible
View on GitHub
Python utility that generates "imageless" QR codes in various formats
☆137Aug 10, 2024Updated last year
srlabs / Certiception
View on GitHub
An ADCS honeypot to catch attackers in your internal network.
☆324Jun 27, 2024Updated last year
ricardojoserf / TrickDump
View on GitHub
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
☆539May 9, 2025Updated 9 months ago
f-bader / TokenTacticsV2
View on GitHub
A fork of the great TokenTactics with support for CAE and token endpoint v2
☆393Feb 9, 2026Updated 2 weeks ago
senzee1984 / EDRPrison
View on GitHub
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
☆458Aug 2, 2024Updated last year
xpn / CloudInject
View on GitHub
☆121Nov 21, 2024Updated last year
werdhaihai / AtlasReaper
View on GitHub
A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.
☆271Sep 14, 2023Updated 2 years ago
Z4kSec / Masky
View on GitHub
Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory
☆398Aug 15, 2025Updated 6 months ago
nettitude / TokenCert
View on GitHub
TokenCert
☆102Nov 15, 2024Updated last year
LuemmelSec / APEX
View on GitHub
Azure Post Exploitation Framework
☆244Oct 27, 2025Updated 4 months ago
fkasler / cuddlephish
View on GitHub
Weaponized Browser-in-the-Middle (BitM) for Penetration Testers
☆607Dec 9, 2025Updated 2 months ago