heartburn-dev / PKI-Escalate

Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Services and Enrollment Services ADCS containers to obtain Enterprise Administrator from Domain Administrator. Works by enabling a user to perform ESC1 (Enrolee supplying the SAN).

☆25

Alternatives and similar repositories for PKI-Escalate:

Users that are interested in PKI-Escalate are comparing it to the libraries listed below

Mr-Un1k0d3r / MsGraphFunzy
Scripts to interact with Microsoft Graph APIs
☆36Updated 5 months ago
whokilleddb / SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
☆33Updated 10 months ago
myexploit / living_off_the_land
☆43Updated 9 months ago
skelsec / adiskreader-secretsdump
Extract registry and NTDS secrets from local or remote disk images
☆39Updated last month
outflanknl / RedELK-workshop
Items related to the RedELK workshop given at security conferences
☆29Updated last year
OtterHacker / Cerbere
☆47Updated 2 years ago
ToweringDragoon / SACL_Scanner
SACL Scanner is a tool designed to scan and analyze SACLs.
☆38Updated 2 months ago
dunderhay / entraspray
Password spraying tool for Microsoft Online accounts (Entra/Azure/O365)
☆31Updated last year
maliciousgroup / GOADvSphere
A vSphere deployment of GOADv2 BETA Testing (v0.1)
☆26Updated last year
dmcxblue / AzureFunctionRedirector
☆41Updated last week
SySS-Research / ldif2bloodhound
Convert an LDIF file to JSON files ingestible by BloodHound
☆41Updated 2 weeks ago
atomicchonk / roadrecon_mcp_server
Claude MCP server to perform analysis on ROADrecon data
☆30Updated 2 weeks ago
ZephrFish / ADFSDump-PS
PowerShell Implementation of ADFSDump to assist with GoldenSAML
☆31Updated 10 months ago
Tw1sm / pyldapsearch
Tool for issuing manual LDAP queries which offers bofhound compatible output
☆21Updated last month
zblurx / BloodHoundCustomQueries
My BloodHound custom queries
☆23Updated 2 years ago
synacktiv / AADOutsider-py
Python3 rewrite of AsOutsider features of AADInternals
☆43Updated 3 months ago
4ndr34z / prenum
☆27Updated last year
LuemmelSec / CVE-2023-29357
☆52Updated last year
som3canadian / Mythic_NimSyscallPacker_Wrapper
Mythic C2 wrapper for NimSyscallPacker
☆24Updated last month
kapellos / VladimiRED
☆18Updated 4 months ago
MythicAgents / nemesis
Nemesis agent for Mythic
☆27Updated 7 months ago
OtterHacker / ShareFouine
☆50Updated 5 months ago
nullenc0de / trust-validator
Validates priv escalation of AD trusts
☆39Updated 2 weeks ago
MythicC2Profiles / discord
Discord C2 Profile for Mythic
☆28Updated 2 months ago
0xe7 / RoastInTheMiddle
☆71Updated last year
outflanknl / Training-MSOfficeOffensiveTradecraft
Info related to the Outflank training: Microsoft Office Offensive Tradecraft
☆52Updated 11 months ago
AssuranceMaladieSec / FoxTerrier
Python tool to find vulnerable AD object and generating csv report
☆26Updated 2 years ago
redskal / SharpAzbelt
.NET port of Leron Gray's azbelt tool.
☆26Updated last year
0xB455 / ActiveSyncBruter
☆23Updated last month
xpn / adfstoolkit
☆33Updated 3 months ago