xpn/WAMBam external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

xpn/WAMBam

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/xpn/WAMBam)

Close

xpn / WAMBamView on GitHubMore

• External links
• Readme badge

Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post

☆131Jan 14, 2023Updated 3 years ago

Alternatives and similar repositories for WAMBam

Users that are interested in WAMBam are comparing it to the libraries listed below

• xpn / sccmwtf

  View on GitHub
  ☆160Feb 8, 2025Updated last year
• nettitude / MalSCCM

  View on GitHub
  ☆254Sep 28, 2023Updated 2 years ago
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆258May 10, 2023Updated 2 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆303Oct 26, 2022Updated 3 years ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆148Feb 11, 2023Updated 3 years ago
• N4kedTurtle / SharpTeamsDump

  View on GitHub
  Dump Teams conversations
  ☆18Jun 9, 2021Updated 4 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆95Mar 8, 2023Updated 3 years ago
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆302Dec 30, 2021Updated 4 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆320Jul 2, 2023Updated 2 years ago
• ly4k / PassTheChallenge

  View on GitHub
  Recovering NTLM hashes from Credential Guard
  ☆377Dec 26, 2022Updated 3 years ago
• X-C3LL / SharpNTLMRawUnHide

  View on GitHub
  C# version of NTLMRawUnHide
  ☆72Oct 8, 2022Updated 3 years ago
• antonioCoco / MalSeclogon

  View on GitHub
  A little tool to play with the Seclogon service
  ☆326Jul 10, 2022Updated 3 years ago
• CCob / ProvisionAppx

  View on GitHub
  ☆39Oct 12, 2022Updated 3 years ago
• mdsecactivebreach / CloneVault

  View on GitHub
  ☆71Nov 20, 2020Updated 5 years ago
• cube0x0 / PIVert-Relay

  View on GitHub
  ☆39Sep 26, 2022Updated 3 years ago
• cube0x0 / LdapSignCheck

  View on GitHub
  Beacon Object File & C# project to check LDAP signing
  ☆199Aug 7, 2024Updated last year
• alfarom256 / BOF-ForeignLsass

  View on GitHub
  ☆101Aug 23, 2021Updated 4 years ago
• passthehashbrowns / BOFMask

  View on GitHub
  ☆125Jun 28, 2023Updated 2 years ago
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆683Aug 20, 2025Updated 7 months ago
• Tw1sm / RITM

  View on GitHub
  Roast in the Middle
  ☆294Sep 19, 2025Updated 6 months ago
• OG-Sadpanda / SharpSword

  View on GitHub
  Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
  ☆117Sep 30, 2024Updated last year
• evilashz / CheeseOunce

  View on GitHub
  Coerce Windows machines auth via MS-EVEN
  ☆174Jan 17, 2024Updated 2 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆581Apr 25, 2023Updated 2 years ago
• Luct0r / KerberOPSEC

  View on GitHub
  OPSEC safe Kerberoasting in C#
  ☆198Jun 14, 2022Updated 3 years ago
• snovvcrash / BOFs

  View on GitHub
  Beacon Object Files (not Buffer Overflows)
  ☆58Mar 6, 2023Updated 3 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆162Mar 1, 2024Updated 2 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• praetorian-inc / ADFSRelay

  View on GitHub
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆186Jun 22, 2022Updated 3 years ago
• nettitude / RunOF

  View on GitHub
  ☆153Jan 6, 2023Updated 3 years ago
• connormcgarr / tgtdelegation

  View on GitHub
  tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"
  ☆178Nov 26, 2021Updated 4 years ago
• d3lb3 / KeeFarceReborn

  View on GitHub
  A standalone DLL that exports databases in cleartext once injected in the KeePass process.
  ☆300Mar 1, 2023Updated 3 years ago
• outflanknl / TamperETW

  View on GitHub
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆192Mar 26, 2020Updated 5 years ago
• Z4kSec / Masky

  View on GitHub
  Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory
  ☆399Aug 15, 2025Updated 7 months ago
• shantanu561993 / Awesome_Firebase_DomainFront

  View on GitHub
  Firebase Domain Front Code
  ☆21May 4, 2021Updated 4 years ago
• slyd0g / SharpCrashEventLog

  View on GitHub
  C# port of LogServiceCrash
  ☆46Oct 7, 2020Updated 5 years ago
• cube0x0 / BofRoast

  View on GitHub
  Beacon Object Files for roasting Active Directory
  ☆236Feb 21, 2022Updated 4 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆484Jul 12, 2023Updated 2 years ago
• rvrsh3ll / TokenTactics

  View on GitHub
  Azure JWT Token Manipulation Toolset
  ☆720Dec 6, 2024Updated last year