Tool for Active Directory Certificate Services enumeration and abuse

Some scripts to abuse kerberos using Powershell

A python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

The Network Execution Tool

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, i…

Enumerate domain machine accounts and perform pre2k password spraying.

Tools for Kerberos PKINIT and relaying to AD CS

Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain ba…

Dumping DPAPI credz remotely

Credentials recovery project

A quick handy script to harvest credentials off of a user during a Red Team and get execution of a file from the user

Framework for Kerberos relaying

Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).

C# binary with embeded golang hack-browser-data

NTLM relaying for Windows made easy

A list of files / paths to probe when arbitrary files can be read on a Microsoft Windows operating system

Collection of remote authentication triggers in C#

LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

SpoolSample -> Responder w/NetNTLM Downgrade -> NetNTLMv1 -> NTLM -> Kerberos Silver Ticket

.NET project for installing Persistence

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.

Defeating Windows User Account Control

A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.

Async Python library to parse local and remote disk images.

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.

Python setter/getter for property ms-Mcs-AdmPwd used by LAPS.