daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/daem0nc0re/Abusing_Weak_ACL_on_Certificate_Templates)

Close

daem0nc0re / Abusing_Weak_ACL_on_Certificate_TemplatesView on GitHubMore

• External links
• Readme badge

Investigation about ACL abusing for Active Directory Certificate Services (AD CS)

☆131Oct 10, 2021Updated 4 years ago

Alternatives and similar repositories for Abusing_Weak_ACL_on_Certificate_Templates

Users that are interested in Abusing_Weak_ACL_on_Certificate_Templates are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• simondotsh / DirSync

  View on GitHub
  DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat…
  ☆29Apr 26, 2023Updated 2 years ago
• fortalice / modifyCertTemplate

  View on GitHub
  ADCS cert template modification and ACL enumeration
  ☆143Jun 26, 2023Updated 2 years ago
• snovvcrash / RemoteRegSave

  View on GitHub
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Dec 8, 2023Updated 2 years ago
• zer1t0 / certi

  View on GitHub
  ADCS abuser
  ☆317Feb 6, 2023Updated 3 years ago
• Coontzy1 / WSUScripts

  View on GitHub
  ☆20Sep 6, 2025Updated 7 months ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• X-C3LL / GPOwned

  View on GitHub
  Buggy script to play with GPOs
  ☆122Dec 27, 2024Updated last year
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆526May 15, 2024Updated last year
• djhohnstein / SharpSC

  View on GitHub
  Simple .NET assembly to interact with services.
  ☆43Sep 27, 2019Updated 6 years ago
• knavesec / o365fedenum

  View on GitHub
  Federated Office365 user enumeration based on correlated response trend analysis
  ☆49May 3, 2022Updated 3 years ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆416Jan 27, 2024Updated 2 years ago
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆302Dec 30, 2021Updated 4 years ago
• klezVirus / SharpLdapRelayScan

  View on GitHub
  C# Port of LdapRelayScan
  ☆91Nov 26, 2025Updated 4 months ago
• eversinc33 / SharpStartWebclient

  View on GitHub
  Programmatically start WebClient from an unprivileged session to enable that juicy privesc.
  ☆78Feb 8, 2023Updated 3 years ago
• garrettfoster13 / aced

  View on GitHub
  ☆199Aug 28, 2025Updated 7 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• Mr-Un1k0d3r / ADHuntTool

  View on GitHub
  official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
  ☆234Jun 10, 2022Updated 3 years ago
• xpn / sccmwtf

  View on GitHub
  ☆160Feb 8, 2025Updated last year
• mez-0 / CSharpWinRM

  View on GitHub
  .NET 4.0 WinRM API Command Execution
  ☆166Sep 11, 2020Updated 5 years ago
• bugch3ck / SharpLdapWhoami

  View on GitHub
  WhoAmI by asking the LDAP service on a domain controller.
  ☆65Feb 8, 2022Updated 4 years ago
• zyn3rgy / LdapRelayScan

  View on GitHub
  Check for LDAP protections regarding the relay of NTLM authentication
  ☆531Nov 19, 2024Updated last year
• nettitude / SharpWSUS

  View on GitHub
  ☆481Nov 20, 2022Updated 3 years ago
• mpgn / BackupOperatorToDA

  View on GitHub
  From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
  ☆442Jan 4, 2025Updated last year
• login-securite / DonPAPI

  View on GitHub
  Dumping DPAPI credz remotely
  ☆1,349Mar 24, 2025Updated last year
• Hagrid29 / DuplicateDump

  View on GitHub
  Dumping LSASS with a duplicated handle from custom LSA plugin
  ☆204Feb 23, 2022Updated 4 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• xpn / WAMBam

  View on GitHub
  Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post
  ☆131Jan 14, 2023Updated 3 years ago
• zer1t0 / cerbero

  View on GitHub
  Kerberos protocol attacker
  ☆139Feb 1, 2021Updated 5 years ago
• horizon3ai / backup_dc_registry

  View on GitHub
  A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY
  ☆90Feb 16, 2022Updated 4 years ago
• 0xe7 / RoastInTheMiddle

  View on GitHub
  ☆75Jun 17, 2025Updated 9 months ago
• c3c / ADExplorerSnapshot

  View on GitHub
  ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
  ☆1,065Mar 20, 2026Updated 2 weeks ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆568Jun 5, 2023Updated 2 years ago
• G0ldenGunSec / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆144Mar 9, 2024Updated 2 years ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆303Oct 26, 2022Updated 3 years ago
• temp43487580 / mprecon

  View on GitHub
  a small script to collect information from a management point
  ☆37Jan 19, 2026Updated 2 months ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• RiccardoAncarani / LiquidSnake

  View on GitHub
  LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
  ☆344Sep 1, 2021Updated 4 years ago
• slemire / WSPCoerce

  View on GitHub
  PoC to coerce authentication from Windows hosts using MS-WSP
  ☆304Sep 7, 2023Updated 2 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆95Mar 8, 2023Updated 3 years ago
• Kevin-Robertson / Sharpmad

  View on GitHub
  C# version of Powermad
  ☆170Dec 5, 2023Updated 2 years ago
• x42en / sysplant

  View on GitHub
  Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP
  ☆128Apr 2, 2026Updated last week
• Semperis / GoldenGMSA

  View on GitHub
  GolenGMSA tool for working with GMSA passwords
  ☆172Aug 21, 2025Updated 7 months ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆580Apr 25, 2023Updated 2 years ago