Phrozen InfoSec Tools - Papers - Phrozen
PowerRunAsSystem 25 Feb 2022

Run application as system with interactive system process support (active Windows session)

This technique doesn't rely on any external tools and doesn't require a Microsoft Service.

It spawns an NT Authority/System process using the Microsoft Windows Task Scheduler then upgrade to Interactive System Process using cool WinApi's (Run in Active Windows Session)

PowerBruteLogon 01 Dec 2021

PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell

⚠️ Notice: this version is slower than WinBruteLogon but has the serious advantage of being 100% entirely coded in PowerShell. In a near future, password attempts will be distributed to separate threads to speed up the process. Also keep in mind that this method is very noisy, each failed attempt will get logged on Microsoft Windows Event Logs.

You might find useful information about the technique used in this PoC here

RunAsAttached (Networked) 22 May 2020

Local version

You can find another variant of this program which doesn't requires Networking function and also compatible with any application like Netcat, Telnet etc... here : (RunAsAttached)[]

RunAsAttached (Local) version is more stable.

The goal of Networked version was to demonstrate inter-process communication using Socket programming.

RunAsAttached (Networked) - 32bit / 64bit

RunAsAttached is a program to run a console as another user and keep new console attached to caller console. Support reverse shell mode (Ex: Netcat)

RunAsAttached 20 May 2020

RunAs Attached (Local) - 32bit / 64bit

Create a new application process as another Microsoft Windows user and attach its inputs / outputs (stdin, stdout, stderr) to caller console.

The new process is interactivly Attached to caller console.


RunAsAttached.exe -u  -p  [-d ]

Available on download section

RunAs 18 May 2020

RunAs (Microsoft Windows) - 32bit / 64bit.

This program is an example about how to easily run any programs as any user.



  • -u <username> : Launch program as defined username.
  • -p <password> : Password associated to username account.
  • -e <program> : Executable path (Ex: notepad.exe).