A simple, lightweight PowerShell script to remove pre-installed apps, disable telemetry, as well as perform various other changes to customize, declutter and improve your Windows experience. Win11D…

game of active directory

A tool which is uses to remove Windows Defender in Windows 8.x, Windows 10 (every version) and Windows 11.

Automation for internal Windows Penetrationtest / AD-Security

Privilege Escalation Enumeration Script for Windows

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

A post-exploitation powershell tool for extracting juicy info from memory.

SessionGopher is a PowerShell tool that uses WMI to extract saved session information for remote access tools such as WinSCP, PuTTY, SuperPuTTY, FileZilla, and Microsoft Remote Desktop. It can be r…

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

Microsoft signed ActiveDirectory PowerShell module

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

Azure JWT Token Manipulation Toolset

ScriptSentry finds misconfigured and dangerous logon scripts.

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments

MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).

PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).

Azure Post Exploitation Framework

PowerShell toolkit that extracts locked Windows files (SAM, SYSTEM, NTDS, ...) using MFT parsing and raw disk reads

Retrieve and display information about active user sessions on remote computers. No admin privileges required.

Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement

PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges required )

A pure PowerShell solution for Entra OAuth authentication, enabling easy retrieval of access and refresh tokens

Inboxfuscation is an advanced offensive & defensive framework for mailbox rule obfuscation and detection in Exchange environments.

PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.

Advanced In-Memory PowerShell Process Injection Framework

Fuegoshell is a powershell oneliner generator for Windows remote shell re-using TCP 445

Tamper Active Directory user attributes to collect their hashes with MS-SNTP

Active directory Attacks and Scripts