AD CS LOLBAS Toolkit Native Windows toolkit for AD CS enumeration and exploitation. Everything runs through built-in OS components (certreq.exe, certutil.exe, PowerShell AD module, .NET Framework) – no third-party tools needed(other than RSAT). Build...
VMkatz Extract Windows credentials directly from VM memory snapshots and virtual disks You are three weeks into a red team engagement. Your traffic crawls through a VPN, then bounces across four SOCKS proxies chained...
ghostsurf NTLM HTTP relay tool with SOCKS proxy for browser session hijacking. Capture NTLM auth, relay to HTTP/HTTPS targets, then browse as the victim through a SOCKS proxy. This works even when cookie replay...
EvilMist is a collection of scripts and utilities designed to support cloud security configuration audit, cloud penetration testing & cloud red teaming. The toolkit helps identify misconfigurations, assess privilege-escalation paths, and simulate attack techniques....
ProfileHound is a post-escalation tool to help find and achieve red-teaming objectives by locating domain user profiles on machines. It uses the BloodHound OpenGraph format to build a new edge called HasUserProfile which determines if a...
The compromise of a perimeter network appliance can swiftly shepherd a malefactor toward domain controllers and the enterprise’s most critical data repositories. In the nascent months of 2026, cybersecurity sentinels chronicled a sequence of...
PrivHound Local Privilege Escalation, as a Graph. A BloodHound OpenGraph collector that models Windows local privilege escalation as interconnected attack paths not a wall of text. For a long time, BloodHound has proven that...
ADPulse — Active Directory Security Scanner ADPulse is an open-source Active Directory security auditing tool that connects to a domain controller via LDAP(S), runs 35 automated security checks, and produces detailed reports in console,...
SmarterTools has disclosed a comprehensive retrospective regarding a recent infiltration of its infrastructure, meticulously delineating the adversaries’ entry vector and their subsequent maneuvers. The incursion originated from a solitary, neglected virtual mail server that...
Adversaries affiliated with the KongTuke threat collective have inaugurated a sophisticated malicious lineage dubbed CrashFix, specifically engineered to compromise Google Chrome users. According to findings from Huntress, the incursion commences with the procurement of...