Stars
Windows Local Privilege Escalation Cookbook
SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM-related assets in an Active Directory domain.
Arsenal is just a quick inventory and launcher for hacking programs
🔒 This GitHub repository presents an FTP bruteforcer implemented in Python using asynchronous programming. The script automates password guessing attempts on FTP servers, leveraging the efficiency …
Exploit for CVE-2023-36802 targeting MSKSSRV.SYS driver
Active Directory data ingestor for BloodHound Legacy written in Rust. 🦀
DavRelayUp - a universal no-fix local privilege escalation in domain-joined Windows workstations where LDAP signing is not enforced (the default settings).
An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer
A .NET malware loader, using API-Hashing to evade static analysis
Bypass AMSI via PowerShell by splitting a file into multiple chunks
OSINT Framework: A Python-based Open Source Intelligence CLI framework similar to Metasploit.
linWinPwn is a bash script that streamlines the use of a number of Active Directory tools
Lenovo Diagnostics Driver EoP - Arbitrary R/W
Just another PowerView alternative but on steroids
BloodyAD is an Active Directory Privilege Escalation Framework
Check for LDAP protections regarding the relay of NTLM authentication
Syscall Shellcode Loader (Work in Progress)
This is a pre-authenticated RCE exploit for VMware vRealize Operations Manager
A list of useful PowerShell scripts with 100% AV bypass (at the time of publication).