wh0amitz/KRBUACBypass external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

wh0amitz/KRBUACBypass

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/wh0amitz/KRBUACBypass)

Close

wh0amitz / KRBUACBypassView on GitHubMore

• External links
• Readme badge

UAC Bypass By Abusing Kerberos Tickets

☆507Aug 10, 2023Updated 2 years ago

Alternatives and similar repositories for KRBUACBypass

Users that are interested in KRBUACBypass are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• wh0amitz / S4UTomato

  View on GitHub
  Escalate Service Account To LocalSystem via Kerberos
  ☆404Sep 14, 2023Updated 2 years ago
• wh0amitz / BypassCredGuard

  View on GitHub
  Credential Guard Bypass Via Patching Wdigest Memory
  ☆336Feb 3, 2023Updated 3 years ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆569Jun 5, 2023Updated 2 years ago
• antonioCoco / SspiUacBypass

  View on GitHub
  Bypassing UAC with SSPI Datagram Contexts
  ☆466Sep 24, 2023Updated 2 years ago
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆305Sep 7, 2023Updated 2 years ago
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• crisprss / RasmanPotato

  View on GitHub
  Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do
  ☆402Feb 6, 2023Updated 3 years ago
• XiaoliChan / wmiexec-Pro

  View on GitHub
  New generation of wmiexec.py
  ☆1,279Mar 24, 2026Updated 3 weeks ago
• decoder-it / LocalPotato

  View on GitHub
  ☆706Nov 7, 2023Updated 2 years ago
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,317Dec 7, 2023Updated 2 years ago
• wh0amitz / SharpADWS

  View on GitHub
  Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
  ☆589Mar 19, 2024Updated 2 years ago
• decoder-it / ADCSCoercePotato

  View on GitHub
  ☆245May 5, 2024Updated last year
• YOLOP0wn / POSTDump

  View on GitHub
  ☆345Nov 10, 2025Updated 5 months ago
• g3tsyst3m / elevationstation

  View on GitHub
  elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative
  ☆385Nov 2, 2023Updated 2 years ago
• WKL-Sec / dcomhijack

  View on GitHub
  Lateral Movement Using DCOM and DLL Hijacking
  ☆325Jun 18, 2023Updated 2 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• wh0amitz / PetitPotato

  View on GitHub
  Local privilege escalation via PetitPotam (Abusing impersonate privileges).
  ☆458Mar 30, 2023Updated 3 years ago
• foxlox / GIUDA

  View on GitHub
  Ask a TGS on behalf of another user without password
  ☆482Mar 30, 2025Updated last year
• Kudaes / Elevator

  View on GitHub
  UAC bypass by abusing RPC and debug objects.
  ☆629Oct 19, 2023Updated 2 years ago
• RalfHacker / Kerbeus-BOF

  View on GitHub
  BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
  ☆560Nov 23, 2025Updated 4 months ago
• netero1010 / GhostTask

  View on GitHub
  A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
  ☆622Jan 2, 2025Updated last year
• Ridter / atexec-pro

  View on GitHub
  Fileless atexec, no more need for port 445
  ☆406Mar 28, 2024Updated 2 years ago
• lem0nSec / ShellGhost

  View on GitHub
  A memory-based evasion technique which makes shellcode invisible from process start to end.
  ☆1,197Oct 16, 2023Updated 2 years ago
• zcgonvh / DCOMPotato

  View on GitHub
  Some Service DCOM Object and SeImpersonatePrivilege abuse.
  ☆372Dec 9, 2022Updated 3 years ago
• grimlockx / ADCSKiller

  View on GitHub
  An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
  ☆742May 19, 2023Updated 2 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆322Jul 2, 2023Updated 2 years ago
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆811Sep 4, 2024Updated last year
• trustedsec / CS-Remote-OPs-BOF

  View on GitHub
  Remote operations commands implemented using Beacon Object Files
  ☆1,146Mar 5, 2026Updated last month
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆646Mar 20, 2024Updated 2 years ago
• zcgonvh / EfsPotato

  View on GitHub
  Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
  ☆822Dec 14, 2023Updated 2 years ago
• mertdas / SharpTerminator

  View on GitHub
  Terminate AV/EDR Processes using kernel driver
  ☆354Jun 12, 2023Updated 2 years ago
• wh0amitz / SharpRODC

  View on GitHub
  To audit the security of read-only domain controllers
  ☆119Nov 27, 2023Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆376Apr 19, 2023Updated 2 years ago
• MzHmO / TGSThief

  View on GitHub
  My implementation of the GIUDA project in C++
  ☆189Jul 25, 2023Updated 2 years ago
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆444Dec 21, 2023Updated 2 years ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆690Oct 23, 2024Updated last year
• ly4k / PassTheChallenge

  View on GitHub
  Recovering NTLM hashes from Credential Guard
  ☆379Dec 26, 2022Updated 3 years ago
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆231Dec 3, 2025Updated 4 months ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,011Jun 4, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆348Nov 19, 2024Updated last year
• 0xb11a1 / yetAnotherObfuscator

  View on GitHub
  C# obfuscator that bypass windows defender
  ☆815Jun 4, 2023Updated 2 years ago