skelsec / aardwolf

Related projects: ⓘ

• ly4k / PrintNightmare
  Python implementation for PrintNightmare (CVE-2021-1675 / CVE-2021-34527)
  ☆178Updated 2 years ago
• nettitude / ETWHash
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆250Updated last year
• fortalice / modifyCertTemplate
  ADCS cert template modification and ACL enumeration
  ☆126Updated last year
• nettitude / Aladdin
  ☆216Updated 10 months ago
• m8sec / CVE-2021-34527
  PrintNightmare (CVE-2021-34527) PoC Exploit
  ☆102Updated last year
• WKL-Sec / WMIExec
  Set of python scripts which perform different ways of command execution via WMI protocol.
  ☆157Updated last year
• t3hbb / NSGenCS
  Extendable payload obfuscation and delivery framework
  ☆140Updated last year
• zblurx / acltoolkit
  ACL abuse swiss-knife
  ☆116Updated last year
• p0dalirius / MSSQL-Analysis-Coerce
  A technique to coerce a Windows SQL Server to authenticate on an arbitrary machine.
  ☆124Updated 11 months ago
• N4kedTurtle / PersistBOF
  A BOF to automate common persistence tasks for red teamers
  ☆263Updated last year
• He-No / ntlmrelayx2proxychains
  ☆92Updated last year
• mdsecactivebreach / DragonCastle
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆291Updated last year
• garrettfoster13 / aced
  ☆144Updated 7 months ago
• powerseb / PowerExtract
  ☆110Updated last year
• Mr-Un1k0d3r / AMSI-ETW-Patch
  Patch AMSI and ETW
  ☆227Updated 4 months ago
• nickvourd / COM-Hunter
  COM Hijacking VOODOO
  ☆253Updated 6 months ago
• lefayjey / SharpSQLPwn
  C# tool to identify and exploit weaknesses within MSSQL instances in Active Directory environments
  ☆105Updated 2 years ago
• MzHmO / TGSThief
  My implementation of the GIUDA project in C++
  ☆152Updated last year
• zer1t0 / certi
  ADCS abuser
  ☆244Updated last year
• snovvcrash / MirrorDump
  Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…
  ☆102Updated 2 years ago
• D1rkMtr / FilelessNtdllReflection
  ☆153Updated this week
• Flangvik / CobaltBus
  Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
  ☆224Updated 2 years ago
• last-byte / RIPPL
  RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows
  ☆6Updated 2 years ago
• improsec / BackupOperatorToolkit
  The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin
  ☆164Updated last year
• D1rkMtr / ExecRemoteAssembly
  ☆245Updated this week
• D1rkMtr / FileLessRemoteShellcode
  ☆138Updated this week
• mandiant / ccmpwn
  ☆174Updated 5 months ago
• fortalice / bofhound
  Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
  ☆293Updated 6 months ago
• dirkjanm / forest-trust-tools
  Proof-of-concept tools for my AD Forest trust research
  ☆181Updated 3 months ago
• 1njected / CMLoot
  Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares
  ☆152Updated last year