Attack Graph Visualizer and Explorer (Active Directory) ...Who's *really* Domain Admin?

Six Degrees of Domain Admin

Custom Query list for the Bloodhound GUI based off my cheatsheet

Just another Powerview alternative

BloodyAD is an Active Directory Privilege Escalation Framework

Tool for Active Directory Certificate Services enumeration and abuse

Python version of the C# tool for "Shadow Credentials" attacks

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

Tools for Kerberos PKINIT and relaying to AD CS

Simple script to extract useful informations from the combo BloodHound + Neo4j

Recover the default privilege set of a LOCAL/NETWORK SERVICE account

A complete terminal user interface (TUI) for LDAP.

Assess the security of your Active Directory with few or all privileges.

New generation of wmiexec.py

A C# utility for interacting with SCCM

Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.

A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.

Light LDAP implementation

DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the default settings).

KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

Tool for Active Directory Certificate Services enumeration and abuse

CLI tool to interact with the BloodHound CE API

.NET Post-Exploitation Utility for Abusing Explicit Certificate Mappings in ADCS