tfmarques23's repositories
AD-Attack-Defense
Attack and defend active directory using modern post exploitation adversary tradecraft activity
awesome-pentest
A collection of awesome penetration testing resources, tools and other shiny things
Awesome-RedTeam-Cheatsheet
Active Directory & Red-Team Cheat-Sheet in constant expansion.
AZ-104-MicrosoftAzureAdministrator
AZ-104 Microsoft Azure Administrator
commix
Automated All-in-One OS Command Injection Exploitation Tool.
CRTO
Certified Red Team Operator
CVE-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
deepdarkCTI
Collection of Cyber Threat Intelligence sources from the deep and dark web
EmailSecCheck
EmailSecCheck is a lightweight Python utility used to check for common SPF/DMARC misconfigurations that may allow for email spoofing.
Go365
An Office365 User Attack Tool
htrace.sh
My simple Swiss Army knife for http/https troubleshooting and profiling.
MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
noPac
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
OSCP_notes
OSCP Guide
Pandoras-Box
This repo contains my custom scripts for Penetration Testing and Red Team Assessments. I will keep on updating this repo as and when I get time.
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
pscan
Multiprocessing Port Scanner
RedTeamPowershellScripts
Various PowerShell scripts that may be useful during red team exercise
routersploit
Exploitation Framework for Embedded Devices
sam-the-admin
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
SSRFire
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
tfmarques23
Config files for my GitHub profile.
VeraCryptThief
Extracting clear-text passwords from VeraCrypt.exe using API hooking
Web-Attack-Cheat-Sheet
Web Attack Cheat Sheet
WinPwn
Automation for internal Windows Penetrationtest / AD-Security