Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective
☆166Jan 12, 2026Updated last month
Alternatives and similar repositories for RelayInformer
Users that are interested in RelayInformer are comparing it to the libraries listed below
Sorting:
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆101Jan 26, 2026Updated last month
- A C# utility for interacting with SCOM☆96Dec 2, 2025Updated 3 months ago
- ☆138Nov 17, 2025Updated 3 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Jan 10, 2026Updated last month
- ShadowDropper is a utility for covertly delivering and executing payloads on a target system.☆27Jul 4, 2025Updated 7 months ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.☆182Dec 23, 2025Updated 2 months ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆86Oct 20, 2025Updated 4 months ago
- A BOF that's a BOF Loader and more☆198Jan 17, 2026Updated last month
- Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack. Implemented in C#, C++, Crystal, P…☆124Feb 17, 2026Updated 2 weeks ago
- UDC2 implementation that provides an ICMP C2 channel☆115Nov 24, 2025Updated 3 months ago
- ForsHops☆152Mar 25, 2025Updated 11 months ago
- AppLocker-Based EDR Neutralization☆321Dec 19, 2025Updated 2 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- Python script to leverage MSFT_MTProcess WMI class☆39Sep 17, 2025Updated 5 months ago
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…☆103Jan 9, 2026Updated last month
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆128Jan 28, 2026Updated last month
- Red Team Assessment Platform - reporting, visualizations, and analytics for cybersecurity red teams☆34Jan 27, 2026Updated last month
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆158Mar 26, 2025Updated 11 months ago
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆256Feb 21, 2026Updated last week
- Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!☆75Feb 4, 2026Updated 3 weeks ago
- Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.☆606Feb 2, 2026Updated last month
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- a BOF implementation of various registry persistence methods☆94Nov 11, 2025Updated 3 months ago
- ☆55May 31, 2025Updated 9 months ago
- dcsync bof☆44Feb 13, 2026Updated 2 weeks ago
- ☆51May 4, 2025Updated 10 months ago
- A python script that automates a C2 Profile build☆48Dec 14, 2025Updated 2 months ago
- Cobalt Strike BOF for evasive .NET assembly execution☆308Mar 31, 2025Updated 11 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆222Nov 6, 2025Updated 3 months ago
- BOF to decrypt Signal Desktop chat logs☆71Feb 20, 2025Updated last year
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Less sugar (entropy) for your binaries☆33Sep 10, 2025Updated 5 months ago
- ☆47Dec 28, 2025Updated 2 months ago
- Chameleon is a polymorphic engine for x86_64 position independent shellcode that has been created out of the need to evade signature-base…☆47Oct 3, 2025Updated 5 months ago
- modified mssqlclient from impacket to extract policies from the SCCM database☆44Feb 24, 2026Updated last week
- ☆50Jun 4, 2025Updated 8 months ago
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago