synacktiv / OUned
The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning
☆78Updated 7 months ago
Related projects ⓘ
Alternatives and complementary repositories for OUned
- Tool for Active Directory Certificate Services enumeration and abuse☆64Updated this week
- ☆92Updated 9 months ago
- ☆66Updated 3 months ago
- Lateral Movement☆119Updated last year
- Two in one, patch lifetime powershell console, no more etw and amsi!☆79Updated 4 months ago
- A Python POC for CRED1 over SOCKS5☆134Updated last month
- ZSH integration for Impacket☆59Updated 3 weeks ago
- Just another C2 Redirector using CloudFlare.☆78Updated 6 months ago
- A web assembly (WASM) phishing lure generator based on pre-built templates and written in Rust with some GenAI assistance. W.A.L.K. aims …☆59Updated 2 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆108Updated last month
- Example code samples from our ScriptBlock Smuggling Blog post☆83Updated 5 months ago
- An old Windows workstations LPE for domain environments without LDAP signing/channel binding.☆28Updated last year
- ☆36Updated last month
- Lateral Movement via the .NET Profiler☆76Updated this week
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆66Updated last year
- Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance.☆34Updated last month
- TokenCert☆86Updated last week
- ☆83Updated 2 years ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆13Updated 2 years ago
- Get Fine Grained Password Policy☆65Updated 6 months ago
- Sliver extension performing TCP redirection tasks without performing cross-process injection.☆57Updated 5 months ago
- ☆87Updated 2 months ago
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle…☆105Updated 6 months ago
- Secretsdump C# version only supporting local (live) operation☆47Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆113Updated 4 months ago
- ☆83Updated 6 months ago
- ☆42Updated 2 years ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection☆53Updated 2 years ago
- Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.☆78Updated 2 months ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆72Updated 9 months ago