JPG0mez / ADCSyncLinks
Use ESC1 to perform a makeshift DCSync and dump hashes
☆211Updated last year
Alternatives and similar repositories for ADCSync
Users that are interested in ADCSync are comparing it to the libraries listed below
Sorting:
- ☆232Updated last year
- Attempt at Obfuscated version of SharpCollection☆222Updated 3 weeks ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆331Updated 10 months ago
- PoC to coerce authentication from Windows hosts using MS-WSP☆289Updated 2 years ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆326Updated 10 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆208Updated 11 months ago
- ☆212Updated last year
- ☆227Updated 11 months ago
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆177Updated 2 years ago
- A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks☆175Updated last month
- Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …☆217Updated last year
- ACL abuse swiss-knife☆123Updated 2 years ago
- Extracting NetNTLM without touching lsass.exe☆239Updated last year
- Havoc C2 profile generator☆96Updated 2 months ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258Updated 2 years ago
- My implementation of the GIUDA project in C++☆186Updated 2 years ago
- Lateral Movement☆124Updated last year
- Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles☆199Updated last year
- Leak of any user's NetNTLM hash. Fixed in KB5040434☆258Updated last year
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆282Updated 2 years ago
- ☆100Updated 2 years ago
- Set of python scripts which perform different ways of command execution via WMI protocol.☆162Updated 2 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆140Updated last year
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆86Updated 3 years ago
- Tool for viewing NTDS.dit☆180Updated 6 months ago
- DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.☆133Updated last year
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆307Updated last week
- psexecsvc - a python implementation of PSExec's native service implementation☆217Updated 7 months ago
- Active Directory Authentication Library☆80Updated last month
- OPSEC safe Kerberoasting in C#☆192Updated 3 years ago