- https://twitter.com/xP3nt4
Stars
Azure AppHunter is an open-source tool created for security researchers, red teamers and defenders to help them identify excessive privileges assigned to Service Principals
Windows Local Privilege Escalation Cookbook
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux
A tool that employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.
Plugin for Neural Amp Modeler
Programmatically start WebClient from an unprivileged session to enable that juicy privesc.
PowerHuntShares is an audit script designed to inventory, analyze, and report excessive privileges configured on Active Directory domains.
Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.
Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library
Determine if the WebClient Service (WebDAV) is running on a remote system
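The check that this kind of tool performs relies on the WebClient service exposing a named pipe called `DAV RPC SERVICE`; if that pipe can be opened over SMB, the service is running on the target. The following PowerShell function is an added example written for this page, not code from the starred repository, and it assumes only that SMB (445/tcp) is reachable and that the caller's account may open named pipes on the target. The host list is a constructed placeholder.

```powershell
# Added example: test for the WebClient (WebDAV) service on remote hosts by
# probing its named pipe over SMB. Assumption: the service creates the pipe
# "DAV RPC SERVICE" while running and removes it when stopped.
function Get-WebClientStatus {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName
    )

    foreach ($host in $ComputerName) {
        $pipePath = "\\$host\pipe\DAV RPC SERVICE"
        $running  = $false
        $errorMsg = $null
        try {
            # Test-Path returns $true only if the pipe object exists on the target.
            # An unreachable host or an access-denied error surfaces as an exception.
            $running = Test-Path -LiteralPath $pipePath -ErrorAction Stop
        } catch {
            $errorMsg = $_.Exception.Message
        }
        [pscustomobject]@{
            ComputerName     = $host
            WebClientRunning = $running
            Error            = $errorMsg
        }
    }
}

# Constructed host list for illustration; replace with real targets.
Get-WebClientStatus -ComputerName @('ws01.corp.local', 'fs01.corp.local') |
    Format-Table -AutoSize
```

A `WebClientRunning` value of `$true` is what a coercion-to-NTLM-relay chain over WebDAV needs; a `$false` with no error means the host answered on SMB but the service is not started, and a populated `Error` column usually means the host is unreachable or the pipe open was refused, which should not be read as "service off".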
Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
Python version of the C# tool for "Shadow Credentials" attacks
Tool for Active Directory Certificate Services enumeration and abuse
Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types
User enumeration and password brute-force on Azure, ADFS, OWA, O365 and Teams, plus gathering of email addresses from LinkedIn
Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.
Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
cobbr / InsecurePowerShell (forked from PowerShell/PowerShell): InsecurePowerShell is PowerShell with some security features removed.
C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Remix is a browser-based compiler and IDE that enables users to build Ethereum contracts with Solidity language and to debug transactions.
Run PowerShell with rundll32. Bypass software restrictions.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.