horizon3ai/backup_dc_registry external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

horizon3ai/backup_dc_registry

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/horizon3ai/backup_dc_registry)

Close

horizon3ai / backup_dc_registryView on GitHubMore

• External links
• Readme badge

A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY

☆94Feb 16, 2022Updated 4 years ago

Alternatives and similar repositories for backup_dc_registry

Users that are interested in backup_dc_registry are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mpgn / BackupOperatorToDA

  View on GitHub
  From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller
  ☆447Jan 4, 2025Updated last year
• fortalice / modifyCertTemplate

  View on GitHub
  ADCS cert template modification and ACL enumeration
  ☆145Jun 26, 2023Updated 3 years ago
• Ridter / pyForgeCert

  View on GitHub
  pyForgeCert is a Python equivalent of the ForgeCert.
  ☆69Aug 15, 2023Updated 2 years ago
• xforcered / GetWebDAVStatus

  View on GitHub
  Determine if the WebClient Service (WebDAV) is running on a remote system
  ☆28Sep 29, 2021Updated 4 years ago
• dirkjanm / PKINITtools

  View on GitHub
  Tools for Kerberos PKINIT and relaying to AD CS
  ☆908Jan 3, 2025Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• ShutdownRepo / pywhisker

  View on GitHub
  Python version of the C# tool for "Shadow Credentials" attacks
  ☆909Jun 17, 2026Updated last week
• GhostPack / RestrictedAdmin

  View on GitHub
  Remotely enables Restricted Admin Mode
  ☆214Sep 3, 2021Updated 4 years ago
• mitchmoser / LACheck

  View on GitHub
  ☆93Aug 23, 2021Updated 4 years ago
• xforcered / StandIn

  View on GitHub
  StandIn is a small .NET35/45 AD post-exploitation toolkit
  ☆257Dec 2, 2021Updated 4 years ago
• jbaines-r7 / blankspace

  View on GitHub
  Proof of Concept for EFSRPC Arbitrary File Upload (CVE-2021-43893)
  ☆64Feb 14, 2022Updated 4 years ago
• p0dalirius / TargetAllDomainObjects

  View on GitHub
  A python wrapper to run a command on against all users/computers/DCs of a Windows Domain
  ☆31Sep 24, 2022Updated 3 years ago
• c3c / ADExplorerSnapshot

  View on GitHub
  ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
  ☆1,092Apr 29, 2026Updated 2 months ago
• zer1t0 / certi

  View on GitHub
  ADCS abuser
  ☆321Feb 6, 2023Updated 3 years ago
• snovvcrash / RemoteRegSave

  View on GitHub
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆41Dec 8, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• daem0nc0re / Abusing_Weak_ACL_on_Certificate_Templates

  View on GitHub
  Investigation about ACL abusing for Active Directory Certificate Services (AD CS)
  ☆136Oct 10, 2021Updated 4 years ago
• Octoberfest7 / JumpSession_BOF

  View on GitHub
  Beacon Object File allowing creation of Beacons in different sessions.
  ☆84May 23, 2022Updated 4 years ago
• pkb1s / SharpRelay

  View on GitHub
  ☆182Feb 3, 2021Updated 5 years ago
• Hackndo / pyGPOAbuse

  View on GitHub
  Partial python implementation of SharpGPOAbuse
  ☆575Jun 13, 2026Updated 2 weeks ago
• X-C3LL / GPOwned

  View on GitHub
  Buggy script to play with GPOs
  ☆131Dec 27, 2024Updated last year
• Dliv3 / cve-2019-1040-scanner

  View on GitHub
  ☆10Oct 9, 2020Updated 5 years ago
• Tw1sm / RITM

  View on GitHub
  Roast in the Middle
  ☆294Sep 19, 2025Updated 9 months ago
• EspressoCake / BeaconDownloadSync

  View on GitHub
  ☆93May 14, 2022Updated 4 years ago
• loland / inlineExecute

  View on GitHub
  Cobalt Strike BOF
  ☆58Dec 10, 2025Updated 6 months ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• rvrsh3ll / RuralBishop

  View on GitHub
  D/Invoke port of UrbanBishop
  ☆30Dec 13, 2020Updated 5 years ago
• mez-0 / winrmdll

  View on GitHub
  C++ WinRM API via Reflective DLL
  ☆145Sep 11, 2021Updated 4 years ago
• decoder-it / juicy_2

  View on GitHub
  juicypotato for win10 > 1803 & win server 2019
  ☆97Feb 23, 2021Updated 5 years ago
• cube0x0 / KrbRelay

  View on GitHub
  Framework for Kerberos relaying
  ☆951May 29, 2022Updated 4 years ago
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆651Mar 20, 2024Updated 2 years ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆419Jan 27, 2024Updated 2 years ago
• aniqfakhrul / certifried.py

  View on GitHub
  ☆16May 20, 2022Updated 4 years ago
• bats3c / ADCSPwn

  View on GitHub
  A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…
  ☆876Mar 20, 2023Updated 3 years ago
• mhaskar / MalleableC2-Profiles

  View on GitHub
  A collection of Cobalt Strike Malleable C2 profiles
  ☆36Oct 13, 2020Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• kaluche / bloodhound-quickwin

  View on GitHub
  Simple script to extract useful informations from the combo BloodHound + Neo4j
  ☆273Apr 4, 2025Updated last year
• CravateRouge / bloodyAD

  View on GitHub
  BloodyAD is an Active Directory Privilege Escalation Framework
  ☆2,227May 13, 2026Updated last month
• cube0x0 / LdapSignCheck

  View on GitHub
  Beacon Object File & C# project to check LDAP signing
  ☆201Aug 7, 2024Updated last year
• Sq00ky / SMB-Session-Spoofing

  View on GitHub
  ☆121Sep 13, 2023Updated 2 years ago
• Dramelac / GoldenCopy

  View on GitHub
  Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.
  ☆106May 6, 2024Updated 2 years ago
• nettitude / SharpWSUS

  View on GitHub
  ☆499Nov 20, 2022Updated 3 years ago
• AlmondOffSec / PassTheCert

  View on GitHub
  Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆761Sep 3, 2025Updated 9 months ago