- England, United Kingdom
Stars
Active Directory and Internal Pentest Cheatsheets
firepwd.py, an open source tool to decrypt Mozilla protected passwords
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound
BloodyAD is an Active Directory Privilege Escalation Framework
Port of Cobalt Strike's Process Inject Kit
Password cracking rules and masks for hashcat that I generated from cracked passwords.
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
AADInternals-Endpoints PowerShell module
With zero dependencies, NetCredz extracts credentials from pcap files or live traffic, supporting NTLM, LDAP, HTTP, SMTP, SNMP, Telnet, FTP, and Kerberos, while also detecting DHCPv6 and LLMNR traf…
PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).
coffeegist / bofhound
Forked from fortalice/bofhound
Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel
IDPS & SandBox & AntiVirus STEALTH KILLER. MorphAES is the world's first polymorphic shellcode engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable fo…
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …
a signal handler race condition in OpenSSH's server (sshd)
Various one-off pentesting projects written in Nim. Updates happen on a whim.
sadreck / Codecepticon
Forked from Accenture/Codecepticon
.NET/PowerShell/VBA Offensive Security Obfuscator
Just learning around new stuff mostly Red Teaming and such but will try to see if I can update or simplify them more, nothing too exotic (yet).
out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerability
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
a simple poc showcasing the ability of an admin to suspend EDR's protected processes, making it useless
PingCastle - Get Active Directory Security at 80% in 20% of the time
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
This repository implements Threadless Injection in C