Azure AppHunter is an open-source tool created for security researchers, red teamers and defenders to help them identify excessive privileges assigned to Service Principals

Windows Local Privilege Escalation Cookbook

A modular C2 framework

A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux

A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.

Plugin for Neural Amp Modeler

Programmatically start WebClient from an unprivileged session to enable that juicy privesc.

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

Makes reverse engineering Android apps easier, automating repetitive tasks like pulling, decoding, rebuilding and patching an APK.

Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library

Determine if the WebClient Service (WebDAV) is running on a remote system

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer

SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.

Python version of the C# tool for "Shadow Credentials" attacks

Timeroasting scripts by Tom Tervoort

Tool for Active Directory Certificate Services enumeration and abuse

Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types

User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin

Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/

Metadata harvester

Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.

InsecurePowerShell is PowerShell with some security features removed.

C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Remix is a browser-based compiler and IDE that enables users to build Ethereum contracts with Solidity language and to debug transactions.

Run PowerShell with rundll32. Bypass software restrictions.