Active Directory Attack
pyForgeCert is a Python equivalent of ForgeCert.
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long-forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
Python version of the C# tool for "Shadow Credentials" attacks
A .NET tool for exporting and importing certificates without touching disk.
Tools for Kerberos PKINIT and relaying to AD CS
Custom Query list for the Bloodhound GUI based off my cheatsheet
Standalone implementation of a part of the WSUS spec. Built for offensive security purposes.
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
Active Directory Integrated DNS dumping by any authenticated user
A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
PoC for Zerologon - all research credits go to Tom Tervoort of Secura
A PrintNightmare (CVE-2021-34527) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE
PoC to coerce authentication from Windows hosts using MS-WSP
A tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying to the certificate service.
PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.
Escalate Service Account To LocalSystem via Kerberos
Active Directory information dumper via LDAP
Python script that takes new output from Get-DomainTrustMapping .csv files and outputs GraphML. Based on DomainTrustExplorer.
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 12 methods.
Dump NTDS with golden certificates and UnPAC the hash