Stars
BloodyAD is an Active Directory Privilege Escalation Framework
Python version of the C# tool for "Shadow Credentials" attacks
wspcoerce coerces a Windows computer account via SMB to an arbitrary target using MS-WSP
Active Directory and Internal Pentest Cheatsheets
Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.
PingCastle - Get Active Directory Security at 80% in 20% of the time
List accounts with Service Principal Names (SPN) not linked to active DNS records in an Active Directory Domain.
POC tool to convert CobaltStrike BOF files to raw shellcode
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC…
Proof of concept for Kerberos Armoring abuse.
SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
Exploit Development and Reverse Engineering with GDB & LLDB Made Easy
Fully featured and community-driven hacking environment
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation
A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Sometimes EDR blocks secretsdump.py but not when you have user-specific dump using `-just-dc-user` so this script is to combine both methods using a user list for stealthier extraction, bypassi…
Cobalt Strike module x loader x profile x wiki / A public collection of open resources for Cobalt Strike (only legal use in Red Team and penetration testing)
Programmatically create an administrative user under Windows