dagda76 Goto Github PK

ad-common-queries

Collection of common ADSI queries for Domain Account enumeration

admodule

Microsoft signed ActiveDirectory PowerShell module

amsi

AMSI bypasses

amsi-bypass-powershell

This repo contains some Amsi Bypass methods i found on different Blog Posts.

amsiscanbufferbypass

Circumvent AMSI by patching AmsiScanBuffer

backup_dc_registry

A simple POC that abuses Backup Operator privileges to remote dump SAM, SYSTEM, and SECURITY

backupoperatortoda

From an account member of the group Backup Operators to Domain Admin without RDP or WinRM on the Domain Controller

credmaster

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling

discover

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

dnscat2

domainhunter

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

domainpasswordspray

DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!

dsinternals

Directory Services Internals (DSInternals) PowerShell Module and Framework

empire

Empire is a PowerShell and Python 3.x post-exploitation framework.

evilginx2

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

find-sensitivedata

PowerShell script to search as file share for potential sensitive data patterns

findfrontabledomains

Search for potential frontable domains

finduncommonshares

FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains.

gowitness

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

hoaxshell

An unconventional Windows reverse shell, currently undetected by Microsoft Defender and various other AV solutions, solely based on http(s) traffic.

internal-monologue

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

inveigh

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers

invoke-pentest

PowerShell script to execute common internal penetration testing techniques in an Active Directory environment

ipt

lsasssilentprocessexit

Command line interface to dump LSASS memory to disk via SilentProcessExit

netexec

The Network Execution Tool

npk

A mostly-serverless distributed hash cracking platform

ntlmrecon

Enumerate information from NTLM authentication enabled web endpoints 🔎

offensivepipeline

OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.

oscp