zh54321 / PoCEntraDeviceComplianceBypass
Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy
☆116Updated this week
Alternatives and similar repositories for PoCEntraDeviceComplianceBypass:
Users that are interested in PoCEntraDeviceComplianceBypass are comparing it to the libraries listed below
- Automatically run and populate a new instance of BH CE☆58Updated 2 months ago
- TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …☆165Updated 2 weeks ago
- ☆70Updated last month
- A pure PowerShell solution for Entra OAuth authentication, enabling easy retrieval of access and refresh tokens☆54Updated last week
- A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory☆154Updated 3 months ago
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆150Updated 4 months ago
- Hybrid AD utilities for ROADtools☆66Updated 3 weeks ago
- A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.☆120Updated 7 months ago
- Abusing Intune for Lateral Movement over C2☆302Updated 2 weeks ago
- ☆170Updated last month
- A security assessment tool for analyzing Active Directory Group Policy Objects (GPOs) to identify misconfigurations and vulnerabilities☆151Updated this week
- Azure DevOps Services Attack Toolkit☆137Updated 5 months ago
- ☆136Updated 3 months ago
- ☆174Updated last month
- ☆197Updated 3 months ago
- Parses Snaffler output file and generate beautified outputs.☆55Updated 4 months ago
- PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirector…☆263Updated last month
- An Ansible collection that installs an SCCM deployment with optional configurations.☆59Updated 6 months ago
- Retrieve and display information about active user sessions on remote computers. No admin privileges required.☆170Updated 4 months ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆203Updated last week
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.☆93Updated 4 months ago
- An offensive postexploitation tool that will give you complete control over the Outlook desktop application and therefore to the emails c…☆154Updated 3 months ago
- Reportly is an AzureAD user activity report tool.☆91Updated last year
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆133Updated 5 months ago
- Abuse Azure API permissions for red teaming☆61Updated last year
- ☆106Updated last year
- A BloodHound collector for Microsoft Configuration Manager☆261Updated this week
- SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.☆181Updated 3 weeks ago
- This repository is meant to catalog network and host artifacts associated with various EDR products "shell" and response functionalities.☆76Updated 4 months ago
- Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit☆136Updated last month