Stars
Active Directory and Internal Pentest Cheatsheets
Tools for interacting with authentication packages using their individual message protocols
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
Collection of Beacon Object Files (BOF) for Cobalt Strike
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑…
Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
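This project brings together excellent offensive and defensive security tool projects from across the web, including automated exploitation; information-gathering tools such as subdomain, directory and port scanners; exploitation tools for vulnerabilities in major middleware, CMS and OA products; brute-force tools; internal-network lateral movement; AV evasion; social-engineering phishing; as well as incident response, enterprise-side security materials and other offensive and defensive security resources.
EDR-Freeze is a tool that puts an EDR or antimalware process into a coma state.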
A curated list of intriguing open-source security tools, with my reviews and insights.
Creating a repository with all public Beacon Object Files (BoFs)
Collection of UAC Bypass Techniques Weaponized as BOFs
CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administrator.
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the ori…
unam4 / yso-mysqlpipe
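Forked from Y4er/ysoserial. A modified version of y4er's ysoserial that adds generation of MySQL pipe files for use without outbound network access.
Penetration-testing C2 with Lua plugin extensions, domain fronting/CDN check-in, custom profiles, prepended sRDI, file management, process management, in-memory loading, screenshots, reverse proxy, and group management.
Internal-network asset collection, host liveness detection, port scanning, domain controller location, file search, brute forcing of various services (SSH, SMB, MsSQL, etc.), SOCKS proxy, and one-click automated scanning that leaves no files on disk.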
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
GodInfo is a full-featured post-exploitation information and credential collection tool, designed to help security testers quickly gather information and credentials from a target system after obtaining authorized access.
Research summary project for "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Exploitation Techniques Revealed".
[ALL IN ONE] Everything that I shared to public about Cloud Security is here.
Powerful+Fast+Low Privilege Kubernetes discovery tools
Tool for Active Directory Certificate Services enumeration and abuse
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
Java Vulnerability Exploitation Platform