SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are contr...

Jordan Drysdale// This is basically a slight update and rip off of Marcello’s work out here: https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html /tl;dr – Zero to DA on an environment through…

Dump Azure AD Connect credentials for Azure AD and Active Directory - dirkjanm/adconnectdump

Death Metal is a toolkit designed to exploit AMT’s legitimate features, as the AMT framework’s functionality, designed for innocent system administration…

This is not my discovery, and is merely an expansion and demo of how to use the PrivExchange exploit. See _dirkjan’s blog post Abusing Exchange: One API call away from Domain Admin for the original discovery.

This is for educational purposes only. Never do security testing on a machine you do not own or have permission to test on. If you don’t…

Sniffing out password reuse

Leaders in Information Security

Beau Bullock // Overview HostRecon is a tool I wrote in PowerShell to assist with quickly enumerating a number of items that I would typically check after gaining access to […]

In this post, I will cover how to manipulate file times on the Windows OS with a proof-of-concept tool and show examples of detection.

Posted by James Forshaw, Google Project Zero I've recently been adding native user-mode debugger support to NtObjectManager . Whenever ...

Praetorian's public release of our Metasploit automation of MITRE ATT&CK™ TTPs - praetorian-inc/purple-team-attack-automation

Using the Service Control Manager and built-in services for lateral movement.

WMImplant is a powerful PowerShell based tool that enables its users to conduct nearly any post-exploitation action and exclusively using WMI to do so. We’ve blogged about out-of-the-box detection opportunities for WMImplant, how to copy files, searching…