A blog post explaining the concept of Active Directory Trusts and their enumeration and exploitation
To install this module, drop the entire Privesc folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.

The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"

To use the module, type Import-Module Privesc
To see the commands imported, type Get-Command -Module Privesc
For help on each individual command, Get-Help is your friend.

Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.

PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations. Running Invoke-AllChecks will output any identifiable vulnerabilities along with specifications for any abuse functions. The -HTMLReport flag will also generate a COMPUTER.username.html version of the report.

Author: @harmj0y
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None

Token/Privilege Enumeration/Abuse: Get-Pr
An attacker can create a new IAM policy version and set it as the default version without requiring the iam:SetDefaultPolicyVersion permission.
A tool for privilege escalation within Linux environments by targeting vulnerabilities in SUDO usage.
Certbot is a free tool for automatically enabling HTTPS on websites using Let's Encrypt certificates.
Redirects EC2 metadata API traffic to a container that retrieves temporary AWS credentials and proxies other calls to the EC2 metadata API.
AirIAM is an AWS IAM to least privilege Terraform execution framework that compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform.