Forwarded from SoheilSec (Soheil)
RemoteMonologue - A Windows credential harvesting attack that leverages the Interactive User RunAs key and coerces NTLM authentications via DCOM. Remotely compromise users without moving laterally or touching LSASS.
https://www.ibm.com/think/x-force/remotemonologue-weaponizing-dcom-ntlm-authentication-coercions#1
https://github.com/xforcered/RemoteMonologue
RemoteMonologue: Weaponizing DCOM for NTLM authentication coercions | IBM
The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool.
Impersonate Tokens using only NTAPI functions
https://github.com/ricardojoserf/NativeTokenImpersonate
A new Mythic service container that allows you to auto-populate VECTR test cases based on your Mythic taskings for purple team.
https://github.com/MythicAgents/VECTR
BloodHound-MCP-AI is an integration that connects BloodHound with AI through the Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
https://github.com/MorDavid/BloodHound-MCP-AI
CVE-2025-21204 exploit simulation for non-admin users via junction-based path hijack.
https://cyberdom.blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204/
https://raw.githubusercontent.com/eshlomo1/CloudSec/refs/heads/main/Attacking%20the%20Cloud/CVE-2025-21204/Exploit-CVE2025-UpdateStackLPE-NonAdmin.ps1
Abusing the Windows Update Stack to Gain SYSTEM Access (CVE-2025-21204)
The CVE-2025-21204 is precisely that kind of vulnerability. It doesn't require a zero-day exploit or complex memory corruption chain. It doesn't need a phishing campaign or a dropped malware loader. All it takes is: A misused filesystem trust, a writable…
mssql dumper
https://github.com/LTJAXSON/MSSQL---Dumper
mssql_dumper is a powerful NetExec module designed to hunt for sensitive data across Microsoft SQL Server databases with surgical precision.
BadSuccessor ports:
Powershell : https://github.com/LuemmelSec/Pentest-Tools-Collection/blob/main/tools/ActiveDirectory/BadSuccessor.ps1
Python: https://github.com/cybrly/badsuccessor
.Net : https://github.com/logangoins/SharpSuccessor
added to
nxc : https://github.com/Pennyw0rth/NetExec
bloodyAD : https://github.com/CravateRouge/bloodyAD
evil-winrm python version
https://github.com/adityatelange/evil-winrm-py
Execute commands interactively on remote Windows machines using the WinRM protocol.
Signature Kid is a header-only tool that steals a signature from a file and copies it to whatever file you want.
Beyond stealing, Signature Kid goes a step further by using Windows internals to trick the system into treating the copied signature as valid.
https://github.com/dslee2022/SignatureKid
BaldHead is a modular and interactive Active Directory (AD) attack framework built for red teamers and security testers. It automates enumeration and exploitation of AD misconfigurations
https://github.com/ahmadallobani/BaldHead
Decrypt SCCM and DPAPI secrets with Powershell.
https://github.com/The-Viper-One/Invoke-PowerDPAPI
This is a PoC for CVE-2025-48799, an elevation of privilege vulnerability in the Windows Update service.
https://github.com/Wh04m1001/CVE-2025-48799
Client-side Encrypted Upload Server Python Script
https://github.com/vysecurity/ExfilServer
Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.
https://github.com/Semperis/GoldenDMSA
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
CVE-2025-53770 exploit
https://github.com/soltanali0/CVE-2025-53770-Exploit
SharePoint WebPart Injection Exploit Tool.