Domain
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM-related assets in an Active Directory domain.
Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP queryin…
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
A tool to query for the existence of pre-Windows 2000 computer objects.
Ask for a TGS on behalf of another user without a password
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
A Python tool to parse and describe the SDDL string.
Automation for internal Windows penetration tests / AD security
Tool to remotely dump secrets from the Windows registry
Source code and examples for PassiveAggression
A tool for finding sensitive information in heapdumps, for example plaintext passwords, AK, SK, etc. in a Spring heapdump
Escalate Service Account To LocalSystem via Kerberos
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
Add Shadow Credentials to a target object by editing their msDS-KeyCredentialLink attribute
DeadPotato is a Windows privilege escalation utility from the Potato family of exploits, leveraging the SeImpersonate right to obtain SYSTEM privileges. This script has been customized from the ori…
Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s)
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
A set of programs for analyzing common vulnerabilities in COM
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines
Leverage WindowsApp createdump tool to obtain an lsass dump
RpcView is a free tool to explore and decompile Microsoft RPC interfaces
A lateral movement command execution tool that bypasses anti-virus software
PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.