Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Pull request Compare This branch is 5 commits ahead, 4 commits behind Pickfordmatt:master.


SharpLocker helps get current user credentials by popping a fake Windows lock screen, all output is sent to Console which works perfect for Cobalt Strike. It is written in C# to allow for direct execution via memory injection using techniques such as execute-assembly found in Cobalt Strike or others, this method prevents the executable from ever touching disk. It is NOT intended to be compilled and run locally on a device.


  • Single/Multiple Monitors
  • Windows 10
  • Main monitor needs to be 1080p otherwise the location of the elements are wrong
  • With any background and profile picture

Working SharpLocker

How to

  • Compile SharpLocker from source via VisualStudio etc
  • Within a Cobalt Strike implant run execute-assembly C:/{location of exe}
  • Pray and wait for creds

Compile with the 'Release' setting or the program will only run on devices with visual studio installed

You can’t perform that action at this time.