horizon3ai / backup_dc_registryView external linksLinks
A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY
☆89Feb 16, 2022Updated 4 years ago
Alternatives and similar repositories for backup_dc_registry
Users that are interested in backup_dc_registry are comparing it to the libraries listed below
Sorting:
- From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller☆439Jan 4, 2025Updated last year
- pyForgeCert is a Python equivalent of the ForgeCert.☆69Aug 15, 2023Updated 2 years ago
- ADCS cert template modification and ACL enumeration☆144Jun 26, 2023Updated 2 years ago
- Tools for Kerberos PKINIT and relaying to AD CS☆876Jan 3, 2025Updated last year
- Python version of the C# tool for "Shadow Credentials" attacks☆851Feb 1, 2026Updated 2 weeks ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆27Sep 29, 2021Updated 4 years ago
- ADCS abuser☆313Feb 6, 2023Updated 3 years ago
- Remotely enables Restricted Admin Mode☆215Sep 3, 2021Updated 4 years ago
- Investigation about ACL abusing for Active Directory Certificate Services (AD CS)☆130Oct 10, 2021Updated 4 years ago
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- Proof of Concept for EFSRPC Arbitrary File Upload (CVE-2021-43893)☆64Feb 14, 2022Updated 4 years ago
- A python wrapper to run a command on against all users/computers/DCs of a Windows Domain☆29Sep 24, 2022Updated 3 years ago
- juicypotato for win10 > 1803 & win server 2019☆97Feb 23, 2021Updated 4 years ago
- ☆12Oct 9, 2020Updated 5 years ago
- ☆93Aug 23, 2021Updated 4 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆82May 23, 2022Updated 3 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆257Dec 2, 2021Updated 4 years ago
- Partial python implementation of SharpGPOAbuse☆518Nov 9, 2025Updated 3 months ago
- ☆16May 20, 2022Updated 3 years ago
- ☆181Feb 3, 2021Updated 5 years ago
- Windows shellcode encoding and encrypting tool☆20May 4, 2022Updated 3 years ago
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…☆1,050Jan 22, 2026Updated 3 weeks ago
- Roast in the Middle☆295Sep 19, 2025Updated 4 months ago
- ☆477Nov 20, 2022Updated 3 years ago
- Stop Windows Defender programmatically☆15Jan 17, 2022Updated 4 years ago
- ☆94May 14, 2022Updated 3 years ago
- A collection of Cobalt Strike Malleable C2 profiles☆36Oct 13, 2020Updated 5 years ago
- Active Directory certificate abuse.☆38Feb 9, 2022Updated 4 years ago
- Python tool to Check running WebClient services on multiple targets based on @leechristensen☆286Aug 18, 2021Updated 4 years ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆417Jan 27, 2024Updated 2 years ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- Framework for Kerberos relaying☆939May 29, 2022Updated 3 years ago
- D/Invoke port of UrbanBishop☆30Dec 13, 2020Updated 5 years ago
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- WhoAmI by asking the LDAP service on a domain controller.☆64Feb 8, 2022Updated 4 years ago
- ☆133Dec 19, 2020Updated 5 years ago
- Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel☆725Sep 3, 2025Updated 5 months ago
- Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File☆216Oct 8, 2020Updated 5 years ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆930Nov 11, 2024Updated last year