horizon3ai / backup_dc_registryLinks
A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY
☆86Updated 3 years ago
Alternatives and similar repositories for backup_dc_registry
Users that are interested in backup_dc_registry are comparing it to the libraries listed below
Sorting:
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.☆131Updated 2 years ago
- ADCS cert template modification and ACL enumeration☆143Updated 2 years ago
- DCSync Attack from Outside using Impacket☆115Updated 3 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS☆186Updated 3 years ago
- Static standalone binaries for Linux and Windows (x64) of Python offensive tools. Compiled using PyInstaller, Docker for Windows, WSL2, a…☆107Updated 3 years ago
- ☆92Updated 2 years ago
- Powershell version of SharpGPOAbuse☆87Updated 4 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆140Updated last year
- ☆52Updated 3 years ago
- A small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache files for Impacket☆66Updated 5 years ago
- C# version of Powermad☆168Updated last year
- ☆100Updated 2 years ago
- SeRestorePrivilege to SYSTEM☆126Updated 4 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆160Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆175Updated 2 years ago
- Buggy script to play with GPOs☆116Updated 9 months ago
- Repository contains psexec, which will help to exploit the forgotten pipe☆170Updated 11 months ago
- Simple C# implementation of PowerUpSQL☆94Updated last year
- wspcoerce coerces a Windows computer account via SMB to an arbitrary target using MS-WSP☆117Updated 3 months ago
- Beacon Object File & C# project to check LDAP signing☆193Updated last year
- ☆142Updated 3 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258Updated 2 years ago
- A RunAs clone with the ability to specify the password as an argument.☆111Updated 2 years ago
- ☆231Updated last year
- ACL abuse swiss-knife☆123Updated 2 years ago
- Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus☆242Updated 3 years ago
- Investigation about ACL abusing for Active Directory Certificate Services (AD CS)☆128Updated 4 years ago
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a…☆136Updated 3 years ago
- Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.☆125Updated 3 years ago
- Exploit for CVE-2023-27532 against Veeam Backup & Replication☆114Updated 2 years ago