Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Services and Enrollment Services ADCS containers to obtain Enterprise Administrator from Domain Administrator. Works by enabling a user to perform ESC1 (Enrolee supplying the SAN).
☆29Jul 25, 2023Updated 2 years ago
Alternatives and similar repositories for PKI-Escalate
Users that are interested in PKI-Escalate are comparing it to the libraries listed below
Sorting:
- ☆19Sep 17, 2025Updated 5 months ago
- GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal…☆36Nov 24, 2024Updated last year
- Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel☆59Apr 13, 2025Updated 10 months ago
- ☆18May 14, 2025Updated 9 months ago
- aggregated repo for all conferences and talks I am giving☆17Oct 30, 2021Updated 4 years ago
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆34Feb 1, 2026Updated last month
- ☆12Feb 4, 2025Updated last year
- Command Augmentation support for BOFs and .NET assemblies across agents☆40Feb 17, 2026Updated 2 weeks ago
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- Regex based secret scanner for sccm deployment points sccmcontentlib$ shares. Find secrets automatically and download entire packages for…☆18Aug 13, 2025Updated 6 months ago
- AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64☆80Feb 23, 2026Updated last week
- A C# project that builds a Web Application which redirects all HTTPS☆26Feb 11, 2025Updated last year
- ☆14Jun 27, 2024Updated last year
- BloodHound Automation: Collection, Analysis and Data Import☆19Nov 12, 2025Updated 3 months ago
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- ☆52Feb 8, 2024Updated 2 years ago
- all random stuff that dont warrant a seperate repo☆12Sep 2, 2022Updated 3 years ago
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 7 months ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆13Jul 16, 2025Updated 7 months ago
- Process injection via KernelCallbackTable☆13Jan 28, 2022Updated 4 years ago
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- A modern GoPhish fork with improved tracking accuracy and smarter detection.☆87Feb 16, 2026Updated 2 weeks ago
- ☆30Aug 24, 2025Updated 6 months ago
- A tool for carrying out brute force attacks against Office 365, with built in IP rotation use AWS gateways.☆80Jun 6, 2024Updated last year
- ☆58Feb 16, 2025Updated last year
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆35Oct 31, 2023Updated 2 years ago
- A LAPS dumper written using the impacket library.☆32May 22, 2023Updated 2 years ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.☆11May 17, 2024Updated last year
- ☆33Feb 13, 2026Updated 3 weeks ago
- Powershell Script to enumerate AzureAD and output good data☆14Nov 8, 2023Updated 2 years ago
- .NET tool used to enrich RPC telemetry☆101Jan 24, 2026Updated last month
- A basic exemple of the API-Hashing method used by Red Teamers but also by malwares developers in C++☆37Jan 10, 2024Updated 2 years ago
- Test AMSI Provider implementation in C#☆42Dec 18, 2024Updated last year
- ☆38Jan 7, 2025Updated last year
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- CVE-2024-23897 jenkins-cli☆15Jan 27, 2024Updated 2 years ago
- ☆18Sep 1, 2025Updated 6 months ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- ☆50Jun 4, 2025Updated 9 months ago