Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver.
☆45Mar 27, 2026Updated 3 months ago
Alternatives and similar repositories for KslKatz
Users that are interested in KslKatz are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A PoC Cobalt Strike UDRL written in Rust☆31Jun 20, 2026Updated 3 weeks ago
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆142Apr 22, 2026Updated 2 months ago
- NTLM Relaying to generic web services with NTLM authentication☆77Mar 20, 2026Updated 3 months ago
- Tor transport bridge for Sliver C2 - anonymous command and control☆52Jan 20, 2026Updated 5 months ago
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.☆134Mar 30, 2026Updated 3 months ago
- Windows SSH Misconfiguration Discovery Tool - Map lateral movement paths through misconfigured SSH services in Active Directory environme…☆88May 11, 2026Updated 2 months ago
- A vibe-coded port of wiretap☆35Apr 25, 2026Updated 2 months ago
- Phantom is project created to perform loading and executing unmanaged code in memory within an IIS environment running in full‑trust mode…☆107Jun 5, 2026Updated last month
- BAADTokenBroker is a post-exploitation tool designed to interact with Microsoft Entra ID device-bound keys.☆83Apr 11, 2026Updated 3 months ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆85Mar 15, 2026Updated 3 months ago
- Adaptix C2 extender to support Cobalt Strike Malleable C2 profiles☆47Jun 28, 2026Updated 2 weeks ago
- Cobalt Strike Aggressor Script for identifying security products on Windows hosts — six enumeration methods rated by noise level, from si…☆92Feb 6, 2026Updated 5 months ago
- Async port scanner BOF. Supports IP/port ranges, CIDR notation and hostnames.☆18Jun 17, 2026Updated 3 weeks ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- ☆202Mar 28, 2025Updated last year
- ☆86Apr 8, 2026Updated 3 months ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆20Apr 24, 2023Updated 3 years ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- Beacon Object File for LDAP Queries Through ADWS☆33Jun 12, 2026Updated last month
- BOF for extracting Edge credentials from the main browser process.☆48May 5, 2026Updated 2 months ago
- Janus analyzes C2 telemetry to surface failure patterns, operator friction, and automation opportunities across engagements.☆54Jun 23, 2026Updated 3 weeks ago
- Quick overview of the domain.☆60Apr 3, 2026Updated 3 months ago
- C++ tool and library for converting .bin files to shellcode in multiple output formats.☆33Aug 18, 2025Updated 10 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- AdaptixC2 default beacon agent extended to support Crystal Palace loaders.☆62May 4, 2026Updated 2 months ago
- PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph☆97Apr 21, 2026Updated 2 months ago
- Cobalt Strike BOF to obtain location data☆26Jul 4, 2026Updated last week
- Another new coercion primitive with LPE - machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin res…☆86Jun 20, 2026Updated 3 weeks ago
- Bof of RegPwn by MDSec☆127Mar 15, 2026Updated 3 months ago
- Generate and Manage KeyCredentialLinks☆256Jun 2, 2026Updated last month
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 8 months ago
- DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.☆210Jun 25, 2026Updated 2 weeks ago
- UDC2 implementation that provides an ICMP C2 channel☆125Nov 24, 2025Updated 7 months ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Polymorphic PE rewriter for Windows x64 , rewrites binaries into semantically identical but byte-different variants☆192Jun 6, 2026Updated last month
- This repo contains the results of an internal re-write of impacket I undertook at my current company. It contains some of the IoCs found …☆313May 24, 2026Updated last month
- Another BYOVD process killer. works on all EDR's. fully signed.☆285May 19, 2026Updated last month
- Evasive loader for .NET Framework assemblies☆44May 14, 2026Updated 2 months ago
- PowerShell Script to automatically abuse the BadSuccessor vulnerability (CVE-2025-53779)☆47Jun 15, 2026Updated last month
- A credential extraction BOF for Veeam Backup and Replication and Veeam One☆78Jul 1, 2026Updated last week
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆107Jan 10, 2026Updated 6 months ago