Stars
PowerShell collector for adding MSSQL attack paths to BloodHound with OpenGraph
Shows which M365 Objects have Privileged Access and what type (i.e. PIM, Direct, Currently Elevated)
Admin to Kernel code execution using the KSecDD driver
Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?
quicmap is a simple yet quic (!) QUIC protocol scanner
Mayyhem / SCOMDecrypt
Forked from nccgroup/SCOMDecrypt
SCOMDecrypt is a tool to decrypt stored RunAs credentials from SCOM servers
Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
Async Python library to parse local and remote disk images.
Privilege escalation using the XAML diagnostics API (CVE-2023-36003)
DDSpoof is a tool that enables DHCP DNS Dynamic Update attacks against Microsoft DHCP servers in AD environments.
SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be r…
To audit the security of read-only domain controllers
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF…
Tools for Attacking Pleasant Password Server
Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance.
Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
PoC to coerce authentication from Windows hosts using MS-WSP
Custom Queries - Brought Up to BH4.1 syntax
Simple BOF to read the protection level of a process