☆414Nov 18, 2022Updated 3 years ago
Alternatives and similar repositories for ProxyNotShell-PoC
Users that are interested in ProxyNotShell-PoC are comparing it to the libraries listed below
Sorting:
- Some Service DCOM Object and SeImpersonatePrivilege abuse.☆372Dec 9, 2022Updated 3 years ago
- PrintNotifyPotato☆539Dec 2, 2022Updated 3 years ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.☆1,397Dec 16, 2021Updated 4 years ago
- KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default…☆1,630Aug 6, 2022Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆301Oct 26, 2022Updated 3 years ago
- ☆707Nov 7, 2023Updated 2 years ago
- ☆829Sep 9, 2022Updated 3 years ago
- Escalate Service Account To LocalSystem via Kerberos☆403Sep 14, 2023Updated 2 years ago
- Recovering NTLM hashes from Credential Guard☆378Dec 26, 2022Updated 3 years ago
- Another Windows Local Privilege Escalation from Service Account to System☆939Nov 12, 2022Updated 3 years ago
- A C# utility for interacting with SCCM☆682Aug 20, 2025Updated 6 months ago
- New generation of wmiexec.py☆1,254Jan 5, 2026Updated last month
- Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).☆816Dec 14, 2023Updated 2 years ago
- Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel☆730Sep 3, 2025Updated 5 months ago
- One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html☆415Nov 10, 2024Updated last year
- Credential Guard Bypass Via Patching Wdigest Memory☆335Feb 3, 2023Updated 3 years ago
- Proxylogon & Proxyshell & Proxyoracle & Proxytoken & All exchange server history vulns summarization :)☆562Dec 7, 2023Updated 2 years ago
- ☆385Aug 19, 2021Updated 4 years ago
- .NET Project for Attacking vCenter☆553Nov 11, 2021Updated 4 years ago
- Proof of Concept Utilities Developed to Research NTLM Relaying Attacks Targeting ADFS☆187Jun 22, 2022Updated 3 years ago
- An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer☆738May 19, 2023Updated 2 years ago
- ☆383Jan 19, 2023Updated 3 years ago
- Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user☆976Jan 29, 2023Updated 3 years ago
- ☆477Nov 20, 2022Updated 3 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons☆714Mar 4, 2023Updated 2 years ago
- A standalone DLL that exports databases in cleartext once injected in the KeePass process.☆301Mar 1, 2023Updated 3 years ago
- ☆323Jan 13, 2023Updated 3 years ago
- C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection☆251Mar 31, 2021Updated 4 years ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆483Oct 14, 2022Updated 3 years ago
- PoCs and tools for investigation of Windows process execution techniques☆952Feb 2, 2026Updated last month
- ☆347Mar 17, 2023Updated 2 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆839Dec 2, 2023Updated 2 years ago
- Check for LDAP protections regarding the relay of NTLM authentication☆531Nov 19, 2024Updated last year
- Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (c…☆1,051Nov 9, 2024Updated last year
- Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user☆1,041Jul 10, 2022Updated 3 years ago
- From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller☆440Jan 4, 2025Updated last year
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob…☆1,053Jan 22, 2026Updated last month
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆326Jan 31, 2023Updated 3 years ago