An old Windows workstations LPE for domain environments without LDAP signing/channel binding.
☆35Feb 4, 2023Updated 3 years ago
Alternatives and similar repositories for DavRelayUp
Users that are interested in DavRelayUp are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆15Sep 4, 2024Updated last year
- Tool for pivoting over SMB pipes☆16Jul 20, 2019Updated 6 years ago
- Sniffing files generator☆62Feb 24, 2025Updated last year
- SACL Scanner is a tool designed to scan and analyze SACLs.☆51Feb 13, 2025Updated last year
- ADCS cert template modification and ACL enumeration☆143Jun 26, 2023Updated 2 years ago
- Automate ISSG Tool Setups☆13Nov 21, 2024Updated last year
- WhoAmI by asking the LDAP service on a domain controller.☆65Feb 8, 2022Updated 4 years ago
- ☆12Oct 9, 2020Updated 5 years ago
- Fork of Wireguard's Memmod☆17Feb 25, 2023Updated 3 years ago
- Maltego Transforms for generating screenshots from Websites and URLs☆16Apr 24, 2023Updated 2 years ago
- Generate password spraying lists based on the pwdLastSet-attribute of users.☆55Dec 6, 2023Updated 2 years ago
- ☆22Jul 15, 2023Updated 2 years ago
- AD ACL abuse☆393Sep 11, 2025Updated 6 months ago
- Small utility to chunk up a large BloodHound JSON file into smaller files for importing.☆97Apr 13, 2023Updated 2 years ago
- evilginx2 + gophish☆14Sep 8, 2022Updated 3 years ago
- To audit the security of read-only domain controllers☆118Nov 27, 2023Updated 2 years ago
- An adaptation of timwhitez's proxycall that uses kernelbase.dll!Beep.☆16Nov 1, 2023Updated 2 years ago
- CVE-2023-21707 EXP☆28Jul 6, 2023Updated 2 years ago
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.☆133Oct 1, 2023Updated 2 years ago
- ☆29Oct 15, 2023Updated 2 years ago
- ☆18Nov 24, 2020Updated 5 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- ☆26Nov 8, 2024Updated last year
- A tool for coercing and relaying Kerberos authentication over DCOM and RPC.☆148Jul 17, 2025Updated 8 months ago
- Rust program for extracting most URLs from Discord scrapes. Works with Discord History Tracker, discard2, and DiscordChatExporter.☆20Dec 19, 2024Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆78Feb 8, 2023Updated 3 years ago
- wtftp.py is a tool to attack Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).☆31Jan 22, 2026Updated 2 months ago
- A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.☆271Sep 14, 2023Updated 2 years ago
- DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …☆568Jun 5, 2023Updated 2 years ago
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation☆31Sep 24, 2022Updated 3 years ago
- A Tool for Domain Flyovers - my version of michenriksen's aquatone☆10May 1, 2023Updated 2 years ago
- ☆18Sep 14, 2023Updated 2 years ago
- Advanced PoC & Research for CVE-2026-0828 (Safetica) and CVE-2025-7771 (ThrottleStop). Analysis of BYOVD (Bring Your Own Vulnerable Drive…☆27Feb 4, 2026Updated last month
- Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel☆733Sep 3, 2025Updated 6 months ago
- ☆181Feb 3, 2021Updated 5 years ago
- A Python POC for CRED1 over SOCKS5☆165Oct 5, 2024Updated last year
- Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN)☆78Jun 11, 2024Updated last year
- ☆418Apr 28, 2021Updated 4 years ago