JPG0mez / ADCSyncLinks
Use ESC1 to perform a makeshift DCSync and dump hashes
☆211Updated last year
Alternatives and similar repositories for ADCSync
Users that are interested in ADCSync are comparing it to the libraries listed below
Sorting:
- ☆228Updated last year
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆314Updated 8 months ago
- PoC to coerce authentication from Windows hosts using MS-WSP☆253Updated last year
- Attempt at Obfuscated version of SharpCollection☆219Updated last week
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆318Updated 8 months ago
- ☆208Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆204Updated 9 months ago
- ☆220Updated 9 months ago
- ☆220Updated last year
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆297Updated last month
- Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …☆211Updated 10 months ago
- Lateral Movement☆124Updated last year
- psexecsvc - a python implementation of PSExec's native service implementation☆206Updated 5 months ago
- Active Directory Authentication Library☆78Updated 2 weeks ago
- ☆100Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆176Updated 2 years ago
- Extracting NetNTLM without touching lsass.exe☆239Updated last year
- Execute commands interactively on remote Windows machines using the WinRM protocol☆196Updated last week
- Set of python scripts which perform different ways of command execution via WMI protocol.☆160Updated 2 years ago
- My implementation of the GIUDA project in C++☆185Updated 2 years ago
- ☆159Updated last year
- Tool for viewing NTDS.dit☆174Updated 4 months ago
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆86Updated 3 years ago
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆269Updated this week
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning☆123Updated 4 months ago
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆257Updated 11 months ago
- Havoc C2 profile generator☆92Updated 3 weeks ago
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.☆132Updated last year
- Offensive MSSQL toolkit written in Python, based off SQLRecon☆203Updated 6 months ago
- OPSEC safe Kerberoasting in C#☆192Updated 3 years ago