arth0sz / Practice-AD-CS-Domain-EscalationView external linksLinks
Introductory guide on the configuration and subsequent exploitation of Active Directory Certificate Services with Certipy. Based on the white paper Certified Pre-Owned.
☆140Sep 4, 2023Updated 2 years ago
Alternatives and similar repositories for Practice-AD-CS-Domain-Escalation
Users that are interested in Practice-AD-CS-Domain-Escalation are comparing it to the libraries listed below
Sorting:
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆245Nov 2, 2025Updated 3 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…☆381Apr 26, 2025Updated 9 months ago
- Generate password spraying lists based on the pwdLastSet-attribute of users.☆55Dec 6, 2023Updated 2 years ago
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- ☆341Nov 10, 2025Updated 3 months ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section☆111Jul 15, 2023Updated 2 years ago
- A Python POC for CRED1 over SOCKS5☆164Oct 5, 2024Updated last year
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆358Dec 13, 2025Updated 2 months ago
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆539Feb 13, 2024Updated 2 years ago
- Run Cobalt Strike BOFs in Brute Ratel C4!☆86Apr 15, 2025Updated 10 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆366Apr 19, 2023Updated 2 years ago
- SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.☆384Sep 26, 2025Updated 4 months ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- Abuse leaked token handles.☆134Dec 14, 2023Updated 2 years ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆231Feb 12, 2025Updated last year
- Bypassing UAC with SSPI Datagram Contexts☆460Sep 24, 2023Updated 2 years ago
- ☆84Nov 21, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆698May 7, 2025Updated 9 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆425Feb 11, 2024Updated 2 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆772Jan 26, 2026Updated 2 weeks ago
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆336Aug 7, 2024Updated last year
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆91Aug 21, 2025Updated 5 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- A RunAs clone with the ability to specify the password as an argument.☆112Jul 2, 2023Updated 2 years ago
- Native Syscalls Shellcode Injector☆267Jul 2, 2023Updated 2 years ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆381Dec 13, 2024Updated last year
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- ☆378Oct 17, 2025Updated 3 months ago
- ☆290Jul 20, 2023Updated 2 years ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆260Feb 21, 2025Updated 11 months ago
- Ask a TGS on behalf of another user without password☆481Mar 30, 2025Updated 10 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆408Jan 11, 2026Updated last month
- UAC Bypass By Abusing Kerberos Tickets☆508Aug 10, 2023Updated 2 years ago
- Tool to remotely dump secrets from the Windows registry☆522Nov 18, 2025Updated 2 months ago
- Collection of random RedTeam scripts.☆211Mar 8, 2024Updated last year
- linikatz is a tool to attack AD on UNIX☆155Oct 19, 2023Updated 2 years ago
- SeManageVolumePrivilege to SYSTEM☆146Nov 22, 2023Updated 2 years ago
- Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement☆181May 19, 2025Updated 8 months ago