bodik / awesome-potatoes
Study notes on Windows NTLM Reflection and token stealing based EOPs.
☆18Updated 3 years ago
Related projects: ⓘ
- Perform Windows domain enumeration via LDAP☆36Updated 2 years ago
- ☆20Updated this week
- Bypass Constrained Language Mode in PowerShell☆26Updated 5 years ago
- A cloud automation system for Red Teams based on Terraform and Ansible☆24Updated 3 years ago
- ☆17Updated last year
- Execute Mimikatz with different technique☆50Updated 2 years ago
- Convert ldapdomaindump to Bloodhound☆76Updated 9 months ago
- c# reverse shell poc☆27Updated 5 years ago
- Utility to analyse, ingest and push out credentials from common data sources during an internal penetration test.☆19Updated 2 years ago
- ☆30Updated 4 years ago
- Retrieve LAPS passwords from a domain. The tools is inspired in pyLAPS.☆29Updated 3 months ago
- A multithreaded, queued SSH key and/or password spraying tool.☆15Updated last year
- A little implant which SSH's back with a shell☆36Updated 2 years ago
- Slides for the talk we presented as UniPi at DefCon's Red Team Village☆23Updated 2 years ago
- A collection of tools using OCR to extract potential usernames from RDP screenshots.☆26Updated 5 months ago
- WhoAmI by asking the LDAP service on a domain controller.☆58Updated 2 years ago
- A fast wordlist to nthash converter☆21Updated 2 years ago
- Script written in python to perform Resource-Based Constrained Delegation (RBCD) attack by leveraging Impacket toolkit.☆19Updated 3 years ago
- My BloodHound custom queries☆22Updated last year
- A small Python-Script to extract NetNTLMv2 Hashes from NTMLssp-HTTP-Authentications, which were captured in a pcap.☆23Updated last year
- Multi-threaded C2 framework built in Flask with keylogger - from the Offensive C# Course by Naga Sai Nikhil☆20Updated 2 years ago
- Cisco CallManager User Enumeration☆15Updated 2 years ago
- Port forwarding via MSRPC (445/tcp) [WIP]☆31Updated 3 years ago
- Use rpc null sessions to retrieve machine list, domain admin list, domain controllers☆12Updated last year
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆51Updated 2 years ago
- Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged p…☆49Updated 2 years ago
- Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them b…☆19Updated 5 months ago
- Log converter from CS log to Ghostwriter CSV☆28Updated 3 years ago
- Multi-thread AzureAD Autologon SSO Password Sprayer.☆38Updated 2 years ago
- Searching .evtx logs for remote connections☆23Updated last year