zblurx / dploot
DPAPI looting remotely and locally in Python
☆406Updated last month
Related projects: ⓘ
- DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …☆510Updated last year
- Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types☆360Updated last year
- Impacket is a collection of Python classes for working with network protocols.☆267Updated last week
- Partial python implementation of SharpGPOAbuse☆346Updated 7 months ago
- Dump NTDS with golden certificates and UnPAC the hash☆613Updated 5 months ago
- Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory☆371Updated 5 months ago
- Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel☆534Updated 2 months ago
- Recovering NTLM hashes from Credential Guard☆325Updated last year
- Python tool to Check running WebClient services on multiple targets based on @leechristensen☆247Updated 3 years ago
- AD ACL abuse☆241Updated 2 months ago
- FindUncommonShares is a Python script allowing to quickly find uncommon shares in vast Windows Domains, and filter by READ or WRITE acces…☆385Updated last month
- A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) wit…☆483Updated 6 months ago
- Kerberoast with ACL abuse capabilities☆306Updated last month
- ☆261Updated this week
- ☆372Updated last year
- ☆290Updated last year
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆441Updated last year
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆389Updated 7 months ago
- Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!)☆417Updated 2 weeks ago
- Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound☆400Updated 5 months ago
- Simple script to extract useful informations from the combo BloodHound + Neo4j☆190Updated 9 months ago
- From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller☆391Updated last year
- ☆342Updated 3 years ago
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆293Updated 6 months ago
- ☆172Updated 2 months ago
- PowerShell Constrained Language Mode Bypass☆221Updated 3 years ago
- More examples using the Impacket library designed for learning purposes.☆262Updated last year
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8☆345Updated 3 weeks ago
- Amsi Bypass payload that works on Windwos 11☆367Updated last year
- Kill AV/EDR leveraging BYOVD attack☆301Updated last year