Extracting BitLocker keys sealed with a TPM by sniffing the LPC bus

Background On 2019-02-26 3:27am EST, I alerted Elastic to a reliable bypass for Winlogbeat. Thankfully, it is now fixed as of  6.6.2 I ...

A modern, flexible C2 framework (currently very beta) - Faction C2 Framework

PowerShell and Cobalt Strike noscripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe) - outflanknl/Excel4-DCOM

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com - mandiant/commando-vm

SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are contr...

Jordan Drysdale// This is basically a slight update and rip off of Marcello’s work out here: https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html /tl;dr – Zero to DA on an environment through…

Dump Azure AD Connect credentials for Azure AD and Active Directory - dirkjanm/adconnectdump

Death Metal is a toolkit designed to exploit AMT’s legitimate features, as the AMT framework’s functionality, designed for innocent system administration…

This is not my discovery, and is merely an expansion and demo of how to use the PrivExchange exploit. See _dirkjan’s blog post Abusing Exchange: One API call away from Domain Admin for the original discovery.

This is for educational purposes only. Never do security testing on a machine you do not own or have permission to test on. If you don’t…

Sniffing out password reuse