Starred repositories
0day-today-archive: Historical collection of exploits and vulnerabilities from 0day.today
Group Policy Objects manipulation and exploitation framework
Location-based techno with Sonic Pi and gpsd
Policy Module for Microsoft Active Directory Certificate Services
vet is a command-line tool that acts as a safety net for the risky curl | bash pattern. It lets you inspect, diff against previous versions, and lint remote scripts before asking for your explicit …
Useful Techniques, Tactics, and Procedures for red teamers and defenders, alike!
CF-Hero is a reconnaissance tool that uses multiple data sources to discover the origin IP addresses of Cloudflare-protected web applications
Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution.
Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab
Tools and Techniques for Red Team / Penetration Testing
Frogy 2.0 is an automated external reconnaissance and Attack Surface Management (ASM) toolkit
PowerHuntShares is an audit script designed to inventory, analyze, and report excessive privileges configured on Active Directory domains.
Collection of scripts to retrieve stored passwords from Veeam Backup
A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
Compiled Binaries for Ghostpack
Note: I am not responsible for any bad act. This is written by Chirag Artani to demonstrate the vulnerability.
Python 3 tool to view and edit PostgreSQL filenodes
Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Pers…
SSH-Snake is a self-propagating, self-replicating, file-less script that automates the post-exploitation task of SSH private key and host discovery.
BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabilities in Bluetooth-enabled devices. Could be used in the vulnerability resea…
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
Use ESC1 to perform a makeshift DCSync and dump hashes