Curtis Houghton's repositories
Penetration-Testing-Cheat-Sheet
An in-depth guide to help people who are new to penetration testing or red teaming and are looking to gain an overview of the penetration testing process. This guide will focus on both the penetration testing and red team process and contain detailed information.
AADInternals-Endpoints
AADInternals-Endpoints PowerShell module
ADExplorerSnapshot.py
ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound, and also supports full-object dumping to NDJSON.
Amnesiac
Amnesiac is a post-exploitation framework entirely written in PowerShell and designed to assist with lateral movement within Active Directory environments
APEX
Azure Post Exploitation Framework
autobloody
Tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound
bloodyAD
BloodyAD is an Active Directory Privilege Escalation Framework
Certify
Active Directory certificate abuse.
CVE-2024-21762
Out-of-bounds write vulnerability in Fortinet FortiOS (CVE-2024-21762)
CVE-2024-49113
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
cve-ss-poc
A signal handler race condition in OpenSSH's server (sshd)
EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
GhostDriver
Yet another AV killer tool using BYOVD
InternalAllTheThings
Active Directory and Internal Pentest Cheatsheets
MemProcFS
MemProcFS
msldap
LDAP library for auditing MS AD
netcredz
With zero dependencies, NetCredz extracts credentials from pcap files or live traffic, supporting NTLM, LDAP, HTTP, SMTP, SNMP, Telnet, FTP, and Kerberos, while also detecting DHCPv6 and LLMNR traffic. Inspired by PCredz from Laurent Gaffie.
Nimperiments
Various one-off pentesting projects written in Nim. Updates happen on a whim.
pingcastle
PingCastle - Get Active Directory Security at 80% in 20% of the time
powershell-multithreaded-tcp-port-scanner
A PowerShell multi-threaded TCP port scanner
process-inject-kit
Port of Cobalt Strike's Process Inject Kit
PyPhisher
Easy to use phishing tool with 77 website templates. Author is not responsible for any misuse.
pywhisker
Python version of the C# tool for "Shadow Credentials" attacks
rengine
reNgine is an automated reconnaissance framework.
ROADtools
A collection of Azure AD/Entra tools for offensive and defensive security purposes
routersploit
Exploitation Framework for Embedded Devices
SCCMSecrets
SCCMSecrets.py aims at exploiting SCCM policy distribution for credential harvesting, initial access and lateral movement.
ThreadlessInject-C
This repository implements Threadless Injection in C
TrickDump
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!