Research
This repository contains a list of Python scripts to work with Microsoft RPC for research purposes.
A list of methods to coerce a Windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) with various protocols.
A collection of HTTP fuzzing Python scripts to fuzz HTTP servers for bugs.
A script to enumerate valid usernames based on request response times.
A Python script to download PDB files associated with a Portable Executable (PE)
Decode the values of common Windows properties such as userAccountControl and sAMAccountType.
List of Linux kernel versions and download links in JSON
Impacket is a collection of Python classes for working with network protocols.
Abuse the Node.js inspector mechanism in order to force any Node.js/Electron/V8 based process to execute arbitrary JavaScript code.
A complete table of results of type comparisons in multiple languages
Security Research from the Microsoft Security Response Center (MSRC)
IDA plugin which queries language models to speed up reverse-engineering
Local privilege escalation from SeImpersonatePrivilege using EfsRpc.
An advanced tool for working with access tokens and Windows security policy.
Collection of PoC and offensive techniques used by the BlackArrow Red Team
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
A system administration or post-exploitation script to automatically extract the BitLocker recovery keys from a domain.
A Python module to explore the object tree to extract paths to interesting objects in memory.
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Research into Undocumented Behavior of Azure AD Refresh Tokens
PoC for CVE-2023-36802 Microsoft Kernel Streaming Service Proxy
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
A Python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
A working PoC of a "remote" Coercedpotato
A Python tool to parse and describe the SDDL string.
A client library to interact with Windows RPC services such as MS-SRVS and MS-RRP.
Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework