Category: Post Exploitation
KrbRelayUp Simple wrapper around some of the features of Rubeus and KrbRelay (and a few other honorable mentions in the acknowledgments section) in order to streamline the abuse of the following attack primitive:...
LHF – Leaked Handles Finder Leaked Windows process handle identification tool. Useful for identifying new LPE vulnerabilities during a pentest or simply as a new research process. Currently supports exploiting...
Golden GMSA GoldenGMSA is a C# tool for abusing Group Managed Service Accounts (gMSA) in Active Directory. The Golden GMSA attack occurs when an attacker dumps a KDS root key’s...
DuplicateDump DuplicateDump is a fork of MirrorDump with the following modifications: DInvoke implementation; the LSA plugin DLL has been written in C++, which could be cleaned up after dumping LSASS. MirrorDump compiles...
BackupOperatorToDA – From Backup Operator To Domain Admin If you compromise an account that is a member of the Backup Operators group, you can become Domain Admin without RDP or WinRM on...
ScheduleRunner A C# tool with more flexibility to customize scheduled tasks for both persistence and lateral movement in red team operations. Scheduled tasks are one of the most popular attack...
ICMP-TransferTools ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments. This is accomplished using a total of 4 different files,...
Auto-Elevate This tool demonstrates the power of UAC bypasses and built-in features of Windows. This utility auto-locates winlogon.exe, steals and impersonates its process TOKEN, and spawns a new SYSTEM-level process...
EvilSelenium EvilSelenium is a new project that weaponizes Selenium to abuse Chrome. The current features are: steal stored credentials (via autofill), steal cookies, take screenshots of websites, dump Gmail/O365 emails...
PurplePanda This tool fetches resources from different cloud/SaaS applications, focusing on permissions, in order to identify privilege escalation paths and dangerous permissions in the cloud/SaaS configurations. Note that PurplePanda searches both privilege escalation...
ADExplorerSnapshot.py ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound. AD Explorer allows you to connect to a DC and browse LDAP data. It can also create snapshots of the server...
WMEye WMEye is an experimental tool that was developed when exploring Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the...
What is BloodHound-Tools? A collection of tools that integrate with BloodHound. BloodHound is the de facto standard that both blue and red security teams use to find lateral movement and privilege escalation...
KrbRelay KrbRelay is the only public tool for relaying Kerberos tickets and the only relaying framework written in C#. More details at https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html and https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html. This should be working on most fully patched Windows systems....
modifyCertTemplate This tool is designed to aid an operator in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation (and then reset the...