daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates)

Close

daem0nc0re / Abusing_Weak_ACL_on_Certificate_TemplatesView on GitHubMore

• External links
• Readme badge

Investigation about ACL abusing for Active Directory Certificate Services (AD CS)

☆134Oct 10, 2021Updated 4 years ago

Alternatives and similar repositories for Abusing_Weak_ACL_on_Certificate_Templates

Users that are interested in Abusing_Weak_ACL_on_Certificate_Templates are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• simondotsh / DirSync

  View on GitHub
  DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat…
  ☆29Apr 26, 2023Updated 3 years ago
• fortalice / modifyCertTemplate

  View on GitHub
  ADCS cert template modification and ACL enumeration
  ☆144Jun 26, 2023Updated 2 years ago
• snovvcrash / RemoteRegSave

  View on GitHub
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Dec 8, 2023Updated 2 years ago
• zer1t0 / certi

  View on GitHub
  ADCS abuser
  ☆319Feb 6, 2023Updated 3 years ago
• Coontzy1 / WSUScripts

  View on GitHub
  ☆23Sep 6, 2025Updated 7 months ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• X-C3LL / GPOwned

  View on GitHub
  Buggy script to play with GPOs
  ☆126Dec 27, 2024Updated last year
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆528May 15, 2024Updated last year
• djhohnstein / SharpSC

  View on GitHub
  Simple .NET assembly to interact with services.
  ☆43Sep 27, 2019Updated 6 years ago
• knavesec / o365fedenum

  View on GitHub
  Federated Office365 user enumeration based on correlated response trend analysis
  ☆49May 3, 2022Updated 3 years ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆419Jan 27, 2024Updated 2 years ago
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆302Dec 30, 2021Updated 4 years ago
• klezVirus / SharpLdapRelayScan

  View on GitHub
  C# Port of LdapRelayScan
  ☆92Nov 26, 2025Updated 5 months ago
• eversinc33 / SharpStartWebclient

  View on GitHub
  Programmatically start WebClient from an unprivileged session to enable that juicy privesc.
  ☆78Feb 8, 2023Updated 3 years ago
• garrettfoster13 / aced

  View on GitHub
  ☆199Aug 28, 2025Updated 8 months ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• Mr-Un1k0d3r / ADHuntTool

  View on GitHub
  official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
  ☆234Jun 10, 2022Updated 3 years ago
• xpn / sccmwtf

  View on GitHub
  ☆162Feb 8, 2025Updated last year
• mez-0 / CSharpWinRM

  View on GitHub
  .NET 4.0 WinRM API Command Execution
  ☆165Sep 11, 2020Updated 5 years ago
• bugch3ck / SharpLdapWhoami

  View on GitHub
  WhoAmI by asking the LDAP service on a domain controller.
  ☆66Feb 8, 2022Updated 4 years ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆531Nov 19, 2024Updated last year
• nettitude / SharpWSUS

  View on GitHub
  ☆489Nov 20, 2022Updated 3 years ago
• mpgn / BackupOperatorToDA

  View on GitHub
  From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
  ☆443Jan 4, 2025Updated last year
• login-securite / DonPAPI

  View on GitHub
  Dumping DPAPI credz remotely
  ☆1,361Mar 24, 2025Updated last year
• xpn / WAMBam

  View on GitHub
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆130Jan 14, 2023Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• zer1t0 / cerbero

  View on GitHub
  Kerberos protocol attacker
  ☆139Feb 1, 2021Updated 5 years ago
• horizon3ai / backup_dc_registry

  View on GitHub
  A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY
  ☆91Feb 16, 2022Updated 4 years ago
• 0xe7 / RoastInTheMiddle

  View on GitHub
  ☆75Jun 17, 2025Updated 10 months ago
• Hagrid29 / DuplicateDump

  View on GitHub
  Dumping LSASS with a duplicated handle from custom LSA plugin
  ☆206Feb 23, 2022Updated 4 years ago
• c3c / ADExplorerSnapshot

  View on GitHub
  ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
  ☆1,073Mar 20, 2026Updated last month
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆569Jun 5, 2023Updated 2 years ago
• G0ldenGunSec / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆146Mar 9, 2024Updated 2 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆303Oct 26, 2022Updated 3 years ago
• temp43487580 / mprecon

  View on GitHub
  a small script to collect information from a management point
  ☆37Jan 19, 2026Updated 3 months ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• RiccardoAncarani / LiquidSnake

  View on GitHub
  LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
  ☆347Sep 1, 2021Updated 4 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆96Mar 8, 2023Updated 3 years ago
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆305Sep 7, 2023Updated 2 years ago
• Kevin-Robertson / Sharpmad

  View on GitHub
  C# version of Powermad
  ☆171Dec 5, 2023Updated 2 years ago
• x42en / sysplant

  View on GitHub
  Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP
  ☆130Apr 22, 2026Updated last week
• Semperis / GoldenGMSA

  View on GitHub
  GolenGMSA tool for working with GMSA passwords
  ☆172Aug 21, 2025Updated 8 months ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆580Apr 25, 2023Updated 3 years ago