arth0sz / Practice-AD-CS-Domain-Escalation
Introductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the white paper Certified Pre-Owned.
☆88Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Practice-AD-CS-Domain-Escalation
- linikatz is a tool to attack AD on UNIX☆138Updated last year
- Repository with quick triggers to help during Pentest in an Active Directory environment.☆37Updated 3 weeks ago
- Inject RDPThief into memory with PowerShell.☆55Updated last month
- Active Directory data ingestor for BloodHound Community Edition written in Rust. 🦀☆104Updated last month
- PowerShell Reverse Shell☆61Updated last year
- Study materials for the Certified Red Team Expert (CRTE) exam, covering essential concepts in red teaming and penetration testing.☆91Updated last year
- Automated exploitation of MSSQL servers at scale☆82Updated this week
- Snaffler reimplementation in Python - https://github.com/SnaffCon/Snaffler☆88Updated 3 weeks ago
- RedInfraCraft automates the deployment of powerful red team infrastructures! It streamlines the setup of C2s, makes it easy to create adv…☆91Updated last week
- My Favorite Offensive Security Scripts☆63Updated last year
- ☆112Updated last year
- MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It emp…☆69Updated 3 weeks ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆133Updated 3 months ago
- Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.☆78Updated 2 months ago
- Everything and anything related to password spraying☆126Updated 6 months ago
- ☆51Updated 9 months ago
- Retrieve and display information about active user sessions on remote computers. No admin privileges required.☆165Updated 3 months ago
- Fully automated windows credentials dumper, for SAM (classic passwords) and WINHELLO (pins). Requires to be run from a linux machine with…☆70Updated this week
- ☆135Updated this week
- Bypass AMSI By Dividing files into multiple smaller files☆45Updated last year
- Lord Of Active Directory - automatic vulnerable active directory on AWS☆131Updated last year
- Lateral Movement☆119Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆166Updated last year
- Most Responder's configuration power in your hand.☆36Updated 8 months ago
- ☆143Updated 8 months ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆88Updated last month
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆162Updated last month
- .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation☆219Updated 3 weeks ago
- Tool for enumerating Active Directory environments☆46Updated last year