mpgn/BackupOperatorToDA external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

mpgn/BackupOperatorToDA

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mpgn/BackupOperatorToDA)

Close

mpgn / BackupOperatorToDAView on GitHubMore

• External links
• Readme badge

From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller

☆440Jan 4, 2025Updated last year

Alternatives and similar repositories for BackupOperatorToDA

Users that are interested in BackupOperatorToDA are comparing it to the libraries listed below

• improsec / BackupOperatorToolkit

  View on GitHub
  The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin
  ☆180Feb 14, 2023Updated 3 years ago
• zblurx / certsync

  View on GitHub
  Dump NTDS with golden certificates and UnPAC the hash
  ☆647Mar 20, 2024Updated 2 years ago
• cube0x0 / KrbRelay

  View on GitHub
  Framework for Kerberos relaying
  ☆938May 29, 2022Updated 3 years ago
• c3c / ADExplorerSnapshot

  View on GitHub
  ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…
  ☆1,063Jan 22, 2026Updated last month
• ly4k / PassTheChallenge

  View on GitHub
  Recovering NTLM hashes from Credential Guard
  ☆377Dec 26, 2022Updated 3 years ago
• horizon3ai / backup_dc_registry

  View on GitHub
  A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY
  ☆90Feb 16, 2022Updated 4 years ago
• nettitude / SharpWSUS

  View on GitHub
  ☆477Nov 20, 2022Updated 3 years ago
• fortra / nanodump

  View on GitHub
  The swiss army knife of LSASS dumping
  ☆2,081Sep 17, 2024Updated last year
• Dec0ne / KrbRelayUp

  View on GitHub
  KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default…
  ☆1,634Aug 6, 2022Updated 3 years ago
• Dec0ne / DavRelayUp

  View on GitHub
  DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …
  ☆568Jun 5, 2023Updated 2 years ago
• grimlockx / ADCSKiller

  View on GitHub
  An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
  ☆741May 19, 2023Updated 2 years ago
• decoder-it / ADCSCoercePotato

  View on GitHub
  ☆244May 5, 2024Updated last year
• AlmondOffSec / PassTheCert

  View on GitHub
  Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
  ☆733Sep 3, 2025Updated 6 months ago
• FuzzySecurity / StandIn

  View on GitHub
  StandIn is a small .NET35/45 AD post-exploitation toolkit
  ☆840Dec 2, 2023Updated 2 years ago
• praetorian-inc / PortBender

  View on GitHub
  TCP Port Redirection Utility
  ☆765Jan 31, 2023Updated 3 years ago
• CCob / lsarelayx

  View on GitHub
  NTLM relaying for Windows made easy
  ☆581Apr 25, 2023Updated 2 years ago
• med0x2e / NTLMRelay2Self

  View on GitHub
  An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
  ☆418Jan 27, 2024Updated 2 years ago
• evilashz / CheeseOunce

  View on GitHub
  Coerce Windows machines auth via MS-EVEN
  ☆174Jan 17, 2024Updated 2 years ago
• eladshamir / Whisker

  View on GitHub
  Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …
  ☆935Nov 11, 2024Updated last year
• Mayyhem / SharpSCCM

  View on GitHub
  A C# utility for interacting with SCCM
  ☆683Aug 20, 2025Updated 7 months ago
• ShutdownRepo / ShadowCoerce

  View on GitHub
  MS-FSRVP coercion abuse PoC
  ☆302Dec 30, 2021Updated 4 years ago
• bats3c / ADCSPwn

  View on GitHub
  A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certifica…
  ☆867Mar 20, 2023Updated 2 years ago
• login-securite / DonPAPI

  View on GitHub
  Dumping DPAPI credz remotely
  ☆1,337Mar 24, 2025Updated 11 months ago
• pkb1s / SharpAllowedToAct

  View on GitHub
  Computer object takeover through Resource-Based Constrained Delegation (msDS-AllowedToActOnBehalfOfOtherIdentity)
  ☆197Feb 1, 2021Updated 5 years ago
• antonioCoco / RemotePotato0

  View on GitHub
  Windows Privilege Escalation from User to Domain Admin.
  ☆1,451Dec 18, 2022Updated 3 years ago
• nettitude / MalSCCM

  View on GitHub
  ☆254Sep 28, 2023Updated 2 years ago
• S3cur3Th1sSh1t / SharpNamedPipePTH

  View on GitHub
  Pass the Hash to a named pipe for token Impersonation
  ☆311Nov 29, 2023Updated 2 years ago
• dirkjanm / PKINITtools

  View on GitHub
  Tools for Kerberos PKINIT and relaying to AD CS
  ☆887Jan 3, 2025Updated last year
• anthemtotheego / InlineExecute-Assembly

  View on GitHub
  InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…
  ☆742Jul 22, 2023Updated 2 years ago
• zcgonvh / EfsPotato

  View on GitHub
  Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
  ☆819Dec 14, 2023Updated 2 years ago
• trustedsec / CS-Remote-OPs-BOF

  View on GitHub
  Remote operations commands implemented using Beacon Object Files
  ☆1,139Mar 5, 2026Updated 2 weeks ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆162Mar 1, 2024Updated 2 years ago
• bugch3ck / SharpEfsPotato

  View on GitHub
  Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
  ☆338Oct 17, 2022Updated 3 years ago
• praetorian-inc / ADFSRelay

  View on GitHub
  Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS
  ☆186Jun 22, 2022Updated 3 years ago
• wh0amitz / BypassCredGuard

  View on GitHub
  Credential Guard Bypass Via Patching Wdigest Memory
  ☆335Feb 3, 2023Updated 3 years ago
• cube0x0 / SharpSystemTriggers

  View on GitHub
  Collection of remote authentication triggers in C#
  ☆524May 15, 2024Updated last year
• cube0x0 / LdapSignCheck

  View on GitHub
  Beacon Object File & C# project to check LDAP signing
  ☆199Aug 7, 2024Updated last year
• cube0x0 / noPac

  View on GitHub
  CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
  ☆1,397Dec 16, 2021Updated 4 years ago
• JamesCooteUK / SharpSphere

  View on GitHub
  .NET Project for Attacking vCenter
  ☆553Nov 11, 2021Updated 4 years ago