PingCastle - Get Active Directory Security at 80% in 20% of the time

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

记录自己编写、修改的部分工具

A PowerShell tool that takes strong inspiration from CrackMapExec / NetExec

Credentials gathering tool automating remote procdump and parse of lsass process.

Dump lsass using only Native APIs by hand-crafting Minidump files (without MinidumpWriteDump!!!)

Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later!

PowerShell module for Mimikatz

This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone is created, it utilizes MINIDUMP_CALLBACK_INFORMATION callbacks to generate a memory dump of the cloned process

Perform DCSync operation without mimikatz

Python3 script to parse txt files containing Mimikatz output

import pyd or execute PE all from memory using only pure python code and some shellcode tricks

用c#实现了个远程拉取Mimikatz.ps1

PowerShellUtilities provides various utility commandlets.

Bypass国内主流杀软

Powerful script for logical obfuscation of powershell scripts

Windows10 hardening implemented in powershell for consumer or enterprise deployment

Invoke-KleptoKitty - Deploys Payloads and collects credentials

A minimal safe version of mimikatz to only allow the export of non-exportable Windows certificates

Script to extract the cached credentials from SSSD, getting Active Directory credentials from Unix systems