Projects
Red team tooling, malware development, and offensive security research.
pwnbase.org
Personal knowledge base and note-taking platform for penetration testing engagements, red team operations, and offensive security research. Built as a central hub for methodology, tooling references, and engagement documentation.
TrustCrawler
Active Directory domain trust enumeration and attack path analysis. Classifies trust types, detects SID filtering status, and enumerates foreign security principals, Kerberoastable accounts across trust boundaries, and vulnerable ADCS templates. Generates severity-rated attack paths with ready-to-use exploit commands.
ADSense
Situational awareness tool for the first 5 minutes after getting domain credentials. Enumerates password policies, non-default groups, Kerberoastable and AS-REP roastable accounts, LAPS deployment, dangerous account flags, and legacy OS inventory. Exports clean markdown for note-taking.
GateKeeper
AppLocker and WDAC policy analyser. Pulls policies from GPOs via LDAP and SYSVOL, parses XML rules across all collections (EXE, DLL, scripts, MSI, packaged apps), and identifies bypass paths including missing DLL enforcement, audit-only modes, writable paths, and available LOLBINs.
SharpGate
Active Directory delegation abuse mapper and attack path analyser. Enumerates unconstrained, constrained, and resource-based constrained delegation configs via LDAP. Identifies exploitable S4U2Self/S4U2Proxy chains, TGT capture paths, and RBCD abuse scenarios with severity ratings and copy-paste commands.