Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Services and Enrollment Services ADCS containers to obtain Enterprise Administrator from Domain Administrator. Works by enabling a user to perform ESC1 (Enrolee supplying the SAN).
☆29Jul 25, 2023Updated 2 years ago
Alternatives and similar repositories for PKI-Escalate
Users that are interested in PKI-Escalate are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆19Sep 17, 2025Updated 8 months ago
- aggregated repo for all conferences and talks I am giving☆17Oct 30, 2021Updated 4 years ago
- Spot all domain controllers in a Microsoft Active Directory environment. Find computer name, FQDN, and IP address(es) of all DCs.☆20Jun 23, 2024Updated last year
- Mentally ill EtwTi parser☆73Jan 11, 2026Updated 4 months ago
- ☆13Feb 4, 2025Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal…☆36Nov 24, 2024Updated last year
- Command Augmentation support for BOFs and .NET assemblies across agents☆45May 6, 2026Updated 3 weeks ago
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆36May 21, 2026Updated last week
- Proof-of-Concept to evade auditd by tampering via ptrace☆19Aug 3, 2023Updated 2 years ago
- Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel☆64Apr 13, 2025Updated last year
- Brute Ratel LDAP filtering and sorting tool. Easily take BR log output and pull hostnames for ease of use with other red team tooling. Su…☆39Nov 16, 2023Updated 2 years ago
- A C# project that builds a Web Application which redirects all HTTPS☆26Feb 11, 2025Updated last year
- ☆37May 4, 2026Updated 3 weeks ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- BloodHound Automation: Collection, Analysis and Data Import☆21May 11, 2026Updated 2 weeks ago
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 9 months ago
- Regex based secret scanner for sccm deployment points sccmcontentlib$ shares. Find secrets automatically and download entire packages for…☆18Aug 13, 2025Updated 9 months ago
- ☆15Jun 27, 2024Updated last year
- all random stuff that dont warrant a seperate repo☆12Sep 2, 2022Updated 3 years ago
- A LAPS dumper written using the impacket library.☆32May 22, 2023Updated 3 years ago
- Process injection via KernelCallbackTable☆13Jan 28, 2022Updated 4 years ago
- ☆51Feb 8, 2024Updated 2 years ago
- A tool for carrying out brute force attacks against Office 365, with built in IP rotation use AWS gateways.☆80Jun 6, 2024Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Low and slow password spraying tool, designed to spray on an interval over a long period of time☆219Jan 30, 2026Updated 3 months ago
- ☆39Jan 7, 2025Updated last year
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated 2 years ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆79Aug 5, 2024Updated last year
- ☆23Mar 19, 2026Updated 2 months ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- Quick script to view members on Fetlife and create a list of them☆16Mar 17, 2026Updated 2 months ago
- ☆57Feb 16, 2025Updated last year
- Nim Shellcode Injector☆15Jan 24, 2021Updated 5 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Windows File Enumeration Intel Gathering Tool.☆17Sep 4, 2023Updated 2 years ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆14Apr 2, 2026Updated last month
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD☆49Mar 10, 2025Updated last year
- ☆28Aug 24, 2025Updated 9 months ago
- A modern GoPhish fork with improved tracking accuracy and smarter detection.☆92Feb 16, 2026Updated 3 months ago