Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
☆185Mar 1, 2023Updated 3 years ago
Alternatives and similar repositories for vulnerable-AD-plus
Users that are interested in vulnerable-AD-plus are comparing it to the libraries listed below
Sorting:
- Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab☆2,257Apr 12, 2024Updated last year
- Slides and Codes used for the workshop Red Team Infrastructure Automation☆193Apr 14, 2024Updated last year
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 4 months ago
- Lab used for workshop and CTF☆501Feb 3, 2026Updated last month
- A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory☆314Feb 16, 2026Updated 2 weeks ago
- game of active directory☆7,484Jul 16, 2025Updated 7 months ago
- A PowerShell wrapper for certutil.exe☆20Feb 21, 2026Updated last week
- Installs ADDS and configures a vulnerable domain via a powershell script☆12Jul 13, 2023Updated 2 years ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆181May 19, 2025Updated 9 months ago
- Impacket is a collection of Python classes for working with network protocols.☆302Jan 20, 2026Updated last month
- ☆32Jun 1, 2024Updated last year
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆637May 8, 2025Updated 9 months ago
- Lord Of Active Directory - automatic vulnerable active directory on AWS☆150Oct 21, 2023Updated 2 years ago
- AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover se…☆1,475Jan 23, 2026Updated last month
- Custom PowerShell module to setup an Active Directory lab environment to practice penetration testing.☆180Apr 10, 2025Updated 10 months ago
- ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminatin…☆123Jan 15, 2025Updated last year
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆323May 17, 2024Updated last year
- The "Monash Enterprise Access Model" (MEAM) is a model for tiering Active Directory that builds heavily on the Microsoft Enterprise Acces…☆138Sep 28, 2024Updated last year
- ☆53Sep 23, 2025Updated 5 months ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆1,097Jun 10, 2024Updated last year
- List of some AD tools I frequently use☆56Nov 2, 2025Updated 4 months ago
- BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of…☆2,225Jun 7, 2023Updated 2 years ago
- A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)☆61Feb 4, 2026Updated last month
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 9 months ago
- ☆892Sep 5, 2023Updated 2 years ago
- Cheatsheet for the commands learned in Attack and Defense Active Directory Lab☆240Dec 4, 2022Updated 3 years ago
- Active Directory Labs/exams Review☆262Mar 18, 2021Updated 4 years ago
- A BloodHound collector for Microsoft Configuration Manager☆391Jul 7, 2025Updated 7 months ago
- A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.☆1,413Jul 27, 2025Updated 7 months ago
- Active Directory Auditing and Enumeration☆517Dec 3, 2025Updated 3 months ago
- Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise☆129Dec 2, 2023Updated 2 years ago
- linWinPwn is a bash script that streamlines the use of a number of Active Directory tools☆2,156Updated this week
- a tool to help operate in EDRs' blind spots☆767Dec 2, 2024Updated last year
- An Ansible collection that installs an SCCM deployment with optional configurations.☆101Dec 8, 2025Updated 2 months ago
- A C# MS SQL toolkit designed for offensive reconnaissance and post-exploitation.☆779Oct 16, 2025Updated 4 months ago
- Powershell tool to automate Active Directory enumeration.☆1,284Sep 9, 2025Updated 5 months ago
- HashKitty is a user-friendly cross-platform Python wrapper for Hashcat designed to provide an easy password cracking experience for both …☆42Jul 18, 2024Updated last year
- A small guide on Unknown/Orphaned SIDs and some PowerShell tools to help you get rid of them.☆20Mar 28, 2022Updated 3 years ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆63Jan 5, 2026Updated last month