Six Degrees of Domain Admin

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It ca…

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…

JAWS - Just Another Windows (Enum) Script

Re-play Security Events

Adversary Tactics - PowerShell Training

Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment

Active Directory Assessment and Privilege Escalation Script

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, i…

A post exploitation tool based on a web application, focusing on bypassing endpoint protection and application whitelisting

Exchange privilege escalations to Active Directory

retrieve information via O365 and AzureAD with a valid cred

Windows batch script that finds misconfiguration issues which can lead to privilege escalation.

getsystem via parent process using ps1 & embeded c#

Tools for discovery and abuse of COM hijacks

AzureADRecon is a tool which gathers information about the Azure Active Directory and generates a report which can provide a holistic picture of the current state of the target environment.

Check-LocalAdminHash is a PowerShell tool that attempts to authenticate to multiple hosts over either WMI or SMB using a password hash to determine if the provided credential is a local administrat…

A PowerShell script to download all files, messages and user profiles that a user has access to in slack.

A collection of post-exploitation tools for network red teaming.

Collection of Random PowerShell Scripts

Script samples from the book Pentesting Azure Applications (2018, No Starch Press)

Builds a hashmap of AD NTLM hashes/usernames and iterates through a second list of hashes checking for the existence of each entry in the AD NTLM hashmap

Query Active Directory for Workstations and then pull their Wireless Network Passwords

Merges multiple .nessus files into one file.

Gets the IP ranges associated with Azure regions in CIDR format

A simple powershell script which gives handy compliance report.