improsec / BackupOperatorToolkitLinks
The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin
☆176Updated 2 years ago
Alternatives and similar repositories for BackupOperatorToolkit
Users that are interested in BackupOperatorToolkit are comparing it to the libraries listed below
Sorting:
- ☆119Updated 4 months ago
- Automated exploitation of MSSQL servers at scale☆113Updated this week
- ☆160Updated last year
- ACL abuse swiss-knife☆125Updated 2 years ago
- ☆163Updated 9 months ago
- Cortex XDR Config Extractor☆133Updated 2 years ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆140Updated last year
- A tool for enumerating potential hosts that are open to GSSAPI abuse within Active Directory networks☆169Updated last week
- PowerShell Reverse Shell☆78Updated 2 years ago
- Lateral Movement☆124Updated last year
- Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.☆83Updated 11 months ago
- Investigation about ACL abusing for Active Directory Certificate Services (AD CS)☆124Updated 3 years ago
- Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares☆177Updated 2 years ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆139Updated last year
- OPSEC safe Kerberoasting in C#☆192Updated 3 years ago
- Some scripts to support with importing large datasets into BloodHound☆81Updated last year
- PowerShell runner for executing malicious payloads in order to bypass Windows Defender.☆73Updated 3 years ago
- A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY☆86Updated 3 years ago
- Collection of random RedTeam scripts.☆207Updated last year
- ☆222Updated last year
- A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.☆131Updated last year
- Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.☆96Updated last year
- Small utility to chunk up a large BloodHound JSON file into smaller files for importing.☆94Updated 2 years ago
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider☆258Updated 2 years ago
- PoC to coerce authentication from Windows hosts using MS-WSP☆258Updated last year
- Get Fine Grained Password Policy☆72Updated 4 months ago
- Use ESC1 to perform a makeshift DCSync and dump hashes☆212Updated last year
- Static standalone binaries for Linux and Windows (x64) of Python offensive tools. Compiled using PyInstaller, Docker for Windows, WSL2, a…☆107Updated 3 years ago
- pyCobaltHound is an Aggressor script extension for Cobalt Strike which aims to provide a deep integration between Cobalt Strike and Blood…☆136Updated 2 years ago
- Lord Of Active Directory - automatic vulnerable active directory on AWS☆147Updated last year