Alternatives and similar repositories for msi_lateral_mv

Users that are interested in msi_lateral_mv are comparing it to the libraries listed below

• 0xthirteen / rpc2wc

  View on GitHub
  RPC to WebClient startup
  ☆55Aug 19, 2025Updated 5 months ago
• 3lp4tr0n / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆197Nov 4, 2025Updated 3 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆162Oct 2, 2025Updated 4 months ago
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆122Jan 17, 2026Updated 3 weeks ago
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• AlmondOffSec / DCOMRunAs

  View on GitHub
  Lateral movement with DCOM DLL hijacking
  ☆177Jul 4, 2025Updated 7 months ago
• hotnops / ECUtilities

  View on GitHub
  Powershell and python utilties for Entra Connect
  ☆27Jun 5, 2025Updated 8 months ago
• rasta-mouse / LibGate

  View on GitHub
  A Crystal Palace shared library to resolve & perform syscalls
  ☆56Oct 29, 2025Updated 3 months ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆72Sep 9, 2025Updated 5 months ago
• M1ndo / WerDump

  View on GitHub
  A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
  ☆165Sep 22, 2025Updated 4 months ago
• rasta-mouse / Crystal-Loaders

  View on GitHub
  A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
  ☆184Oct 29, 2025Updated 3 months ago
• MayerDaniel / profiler-lateral-movement

  View on GitHub
  Lateral Movement via the .NET Profiler
  ☆100Nov 21, 2024Updated last year
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆164Oct 5, 2024Updated last year
• ricardojoserf / NativeTokenImpersonate

  View on GitHub
  Impersonate Tokens using only NTAPI functions
  ☆83Apr 4, 2025Updated 10 months ago
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• wotwot563 / aad_prt_bof

  View on GitHub
  ☆157Apr 17, 2024Updated last year
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆208Jan 30, 2025Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• Paradoxis / ADSyncDump-BOF

  View on GitHub
  The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…
  ☆172Sep 3, 2025Updated 5 months ago
• RayRRT / BOFs

  View on GitHub
  Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
  ☆98Jan 26, 2026Updated 3 weeks ago
• Teach2Breach / stargate

  View on GitHub
  Locate dlls and function addresses without PEB Walk and EAT parsing
  ☆104Nov 7, 2025Updated 3 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• TwoSevenOneT / EDRStartupHinder

  View on GitHub
  EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.
  ☆183Jan 11, 2026Updated last month
• temp43487580 / EntraPassTheCert

  View on GitHub
  tool for requesting Entra ID's P2P certificate and authenticating to a remote Entra joinned devices with it
  ☆131Aug 23, 2025Updated 5 months ago
• xforcered / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆275Jul 1, 2025Updated 7 months ago
• NtDallas / MemLoader

  View on GitHub
  Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
  ☆266Jun 18, 2025Updated 7 months ago
• decoder-it / printerbugnew

  View on GitHub
  The DCERPC only printerbug.py version
  ☆201Oct 30, 2025Updated 3 months ago
• MythicAgents / Kharon-Mtc

  View on GitHub
  C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…
  ☆196Dec 30, 2025Updated last month
• quarkslab / proxyblob

  View on GitHub
  SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
  ☆287Apr 29, 2025Updated 9 months ago
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆17Jun 18, 2022Updated 3 years ago
• trustedsec / DitExplorer

  View on GitHub
  Tool for viewing NTDS.dit
  ☆191Mar 14, 2025Updated 11 months ago
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆139Jan 16, 2025Updated last year
• netero1010 / SCCMVNC

  View on GitHub
  A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…
  ☆115Oct 20, 2024Updated last year
• CodeXTF2 / WebcamBOF

  View on GitHub
  Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
  ☆156Mar 26, 2025Updated 10 months ago
• logangoins / Cable

  View on GitHub
  .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation
  ☆400Jul 23, 2025Updated 6 months ago
• grayhatkiller / wambam-bof

  View on GitHub
  ☆47Dec 5, 2025Updated 2 months ago
• rasta-mouse / LibTP

  View on GitHub
  Crystal Palace library for proxying Nt API calls via the Threadpool
  ☆97Oct 18, 2025Updated 3 months ago
• rkbennett / pybof

  View on GitHub
  Python module for running BOFs
  ☆79Nov 28, 2025Updated 2 months ago