Defeating Windows User Account Control

Pillager是一个适用于后渗透期间的信息收集工具

Misc TaskScheduler Plays

Framework for Kerberos relaying

Enumerate information from NTLM authentication enabled web endpoints 🔎

RDP monster-in-the-middle (mitm) and library for Python with the ability to watch connections live or after the fact

中国蚁剑后渗透框架

Contains a collection of Bash scripts designed for comprehensive security audits and network mapping of Active Directory (AD) environments. The scripts automate various tasks including LDAP queryin…

Rust Weaponization for Red Team Engagements.

Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.

Extracting NetNTLM without touching lsass.exe

Dump cookies and credentials directly from Chrome/Edge process memory

Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).

Ask a TGS on behalf of another user without password

Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!

Use RTCore64 to map your driver on windows 11.

A python tool to parse and describe the SDDL string.

强大的敏感信息搜索工具

Automation for internal Windows Penetrationtest / AD-Security

Tool to remotely dump secrets from the Windows registry

Source code and examples for PassiveAggression

Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.

Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles

heapdump敏感信息查询工具，例如查找 spring heapdump中的密码明文，AK,SK等

Escalate Service Account To LocalSystem via Kerberos