Stars
Lateral Movement as logged-on User via Speech Named Pipe COM & ISpeechNamedPipe + COM Hijacking
ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for a novel Windows Syscalls attack, a novel Heaven's Gate, and "shellcodeless" ROP.…
Code execution/injection technique using DLL PEB module structure manipulation
The BEST DLL Injector Library.
Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them.
Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
This tool is a user-friendly Graphical User Interface (GUI) tool that simplifies and streamlines the process of digitally signing files using Microsoft's signtool.exe. This tool is designed to prov…
Golem automates C/C++ vulnerability discovery with SemGrep+LLVM+LLM
A tool that shows detailed information about named pipes in Windows
DSE bypass using a leaked cert and adjusting the current clock.
PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirectory module (ADWS) or System.DirectoryServices class (LDAP).
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol.
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning
SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.
A handy collection of my public exploits, all in one place.
A tiny tool built to help AD Admins tame the Protected Users group.