An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Six Degrees of Domain Admin

Simple (relatively) things allowing you to dig a bit deeper than usual.

PoCs for Kernelmode rootkit techniques research.

An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.

Dump the memory of any PPL with a Userland exploit chain

Set of ultra technical notes about AD

Dumping DPAPI credz remotely

Trying to tame the three-headed dog.

PingCastle - Get Active Directory Security at 80% in 20% of the time

Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel

Framework for Kerberos relaying

Kerberos unconstrained delegation abuse toolkit

A swiss army knife for pentesting networks

pwning IPv4 via IPv6

Check for LDAP protections regarding the relay of NTLM authentication

Testing TLS/SSL encryption anywhere on any port

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authenticat…

Python tool to Check running WebClient services on multiple targets based on @leechristensen

Tool for Active Directory Certificate Services enumeration and abuse

Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemory.

ADCS abuser

Active Directory certificate abuse.

Hackish way to intercept and modify non-HTTP protocols through Burp & others.

Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop

A (partial) Python rewriting of PowerSploit's PowerView

Impacket is a collection of Python classes for working with network protocols.