Investigation about ACL abusing for Active Directory Certificate Services (AD CS)
☆130Oct 10, 2021Updated 4 years ago
Alternatives and similar repositories for Abusing_Weak_ACL_on_Certificate_Templates
Users that are interested in Abusing_Weak_ACL_on_Certificate_Templates are comparing it to the libraries listed below
Sorting:
- DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat…☆29Apr 26, 2023Updated 2 years ago
- ADCS abuser☆315Feb 6, 2023Updated 3 years ago
- ADCS cert template modification and ACL enumeration☆143Jun 26, 2023Updated 2 years ago
- Collection of remote authentication triggers in C#☆524May 15, 2024Updated last year
- Buggy script to play with GPOs☆122Dec 27, 2024Updated last year
- ☆158Feb 8, 2025Updated last year
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- Simple .NET assembly to interact with services.☆43Sep 27, 2019Updated 6 years ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆417Jan 27, 2024Updated 2 years ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆78Feb 8, 2023Updated 3 years ago
- Federated Office365 user enumeration based on correlated response trend analysis☆49May 3, 2022Updated 3 years ago
- MS-FSRVP coercion abuse PoC☆302Dec 30, 2021Updated 4 years ago
- ☆74Jun 17, 2025Updated 8 months ago
- official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)☆232Jun 10, 2022Updated 3 years ago
- WhoAmI by asking the LDAP service on a domain controller.☆64Feb 8, 2022Updated 4 years ago
- ☆475Nov 20, 2022Updated 3 years ago
- ☆20Sep 6, 2025Updated 6 months ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆130Jan 14, 2023Updated 3 years ago
- From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller☆439Jan 4, 2025Updated last year
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆90Feb 16, 2022Updated 4 years ago
- Kerberos protocol attacker☆139Feb 1, 2021Updated 5 years ago
- Dumping LSASS with a duplicated handle from custom LSA plugin☆204Feb 23, 2022Updated 4 years ago
- ☆199Aug 28, 2025Updated 6 months ago
- DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …☆568Jun 5, 2023Updated 2 years ago
- C# version of Powermad☆169Dec 5, 2023Updated 2 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆301Oct 26, 2022Updated 3 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆143Mar 9, 2024Updated 2 years ago
- .NET 4.0 WinRM API Command Execution☆166Sep 11, 2020Updated 5 years ago
- Check for LDAP protections regarding the relay of NTLM authentication☆530Nov 19, 2024Updated last year
- ☆14Sep 26, 2023Updated 2 years ago
- PoC to coerce authentication from Windows hosts using MS-WSP☆301Sep 7, 2023Updated 2 years ago
- C# Port of LdapRelayScan☆91Nov 26, 2025Updated 3 months ago
- Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP☆126Updated this week
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…☆1,055Jan 22, 2026Updated last month
- Retrieve host information from NTLM☆32Feb 4, 2021Updated 5 years ago
- Python version of the C# tool for "Shadow Credentials" attacks☆861Feb 14, 2026Updated 3 weeks ago
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript☆345Sep 1, 2021Updated 4 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆160Mar 1, 2024Updated 2 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago