Category: Post Exploitation
UACMe Defeating Windows User Account Control by abusing the built-in Windows AutoElevate backdoor. System Requirements x86-32/x64 Windows 7/8/8.1/10/11 (client, some methods, however, works on server version too). Admin account with UAC set on default...
Certipy Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Changelog v4.8.2 Fixes issue #172 Install git clone https://github.com/ly4k/Certipy.git python3 setup.py install Use Examples Auto...
emp3r0r Linux/Windows post-exploitation framework made by Linux user features beautiful terminal UI, use tmux for window management multi-tasking, you don’t need to wait for any commands to finish basic API provided through Unix socket...
BloodHound BloodHound is a single-page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor. BloodHound uses graph theory to reveal the hidden and often unintended...
DSInternals PowerShell Module and Framework The DSInternals project consists of these two parts: The DSInternals Framework exposes several internal features of Active Directory and can be used from any .NET application. The codebase has already been integrated into...
EDRHunt EDRHunt scans Windows services, drivers, processes, the registry for installed EDRs (Endpoint Detection And Response). Detections EDR Detections Currently Available Windows Defender Kaspersky Security Symantec Security Crowdstrike Security Mcafee Security Cylance Security Carbon...
Empire 4.0 is a post-exploitation framework that includes a pure-PowerShell 2.0 Windows agent, and compatibility with Python 2.x/3.x Linux/OS X agents. It is the merger of the previous PowerShell Empire and Python EmPyre projects....
PrivescCheck – Privilege Escalation Enumeration Script for Windows This script aims to enumerate common Windows security misconfigurations which can be leveraged for privilege escalation and gather various information that might be useful for exploitation and/or post-exploitation. Features Current User Invoke-UserCheck...
bloodyAD BloodyAD is an Active Directory Privilege Escalation Framework. This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform AD privesc. It supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket,...
EDRaser EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offers two modes of operation: automated and manual. Automated Mode In automated...