Pinned Repositories
AskingCreds
PowerShell script used to steal user/admin Windows password simply by asking the user
Challenges
Security challenges
checkpointSpray
CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
Delegate
Tool to perform GCP Domain Wide Delegation abuse and access Gmail and Drive data
Methodology
MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
OffensiveCloud
Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP)
PenTips
Penetration testing tips
snmbrute3
Python script used for offline brute force SNMP V3
lutzenfried's Repositories
lutzenfried/Methodology
lutzenfried/OffensiveCloud
Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP)
lutzenfried/Delegate
Tool to perform GCP Domain Wide Delegation abuse and access Gmail and Drive data
lutzenfried/MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
lutzenfried/PenTips
Penetration testing tips
lutzenfried/snmbrute3
Python script used for offline brute force SNMP V3
lutzenfried/CloudScraper
CloudScraper: Tool to enumerate targets in search of cloud resources. S3 Buckets, Azure Blobs, Digital Ocean Storage Space.
lutzenfried/AskingCreds
PowerShell script used to steal user/admin Windows password simply by asking the user
lutzenfried/checkpointSpray
lutzenfried/Challenges
Security challenges
lutzenfried/keepassSender
PowerShell script used to steal keepass database in cleartext using key shortcut if database is unlock
lutzenfried/OSCE3-Complete-Guide
OSWE, OSEP, OSED, OSEE
lutzenfried/queriesHound
BloodHound Custom Cypher queries
lutzenfried/Recon-AD
Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
lutzenfried/subLocal
Simple multi-thread wordlist based sub domain brute force using socket python library
lutzenfried/aad-sso-enum-brute-spray
POC of SecureWorks' recent Azure Active Directory password brute-forcing vuln
lutzenfried/AbuseAzureAPIPermissions
Abuse Azure API permissions for red teaming
lutzenfried/ActiveDirectory
Apuntes Pentesting a ActiveDirectory PentesterAcademy
lutzenfried/ADModule
Microsoft signed ActiveDirectory PowerShell module
lutzenfried/APT_REPORT
Interesting APT Report Collection And Some Special IOC
lutzenfried/CLMBypassBlogpost
This code was used for the blogpost on secjuice.
lutzenfried/Docker-Remote-API-Exploit
Docker-Remote-API-Exploit
lutzenfried/keepassHijack
Simple python script to hijack keepass on Windows host
lutzenfried/NTLM_Downloader
PowerShell script used to download file through NTLM proxy
lutzenfried/PowerSploit
PowerSploit - A PowerShell Post-Exploitation Framework
lutzenfried/python
lutzenfried/RFI_Foot_Printing
PHP script used to achieve some recon on webserver when RFI vulnerability is detected
lutzenfried/Security-Research
Exploits written by the Rhino Security Labs team
lutzenfried/webAppPentest
lutzenfried/zipCracker
Python script for brute force attack on password ZIP file protected