garrettfoster13/sccmhunter
GitHub: garrettfoster13/sccmhunter
一款针对 Microsoft SCCM/MECM 的后渗透工具,用于在 Active Directory 环境中发现、剖析和攻击 SCCM 相关资产。
Stars: 892 | Forks: 116
[](https://github.com/garrettfoster13/sccmhunter)
[](https://www.blackhat.com/us-24/arsenal/schedule/index.html#sccmhunter-38141)
[](https://www.blackhat.com/us-25/arsenal/schedule/#sccmhunter-45602)
[](https://x.com/unsigned_sh0rt)
[@\_mayyhem](https://twitter.com/_Mayyhem)
[强制 SCCM 进行 NTLM 身份验证](https://posts.specterops.io/coercing-ntlm-authentication-from-sccm-e6e23ea8260a)
[通过自动客户端推送安装实现 SCCM 站点接管](https://posts.specterops.io/sccm-site-takeover-via-automatic-client-push-installation-f567ec80d5b1)
[@TechBrandon](https://twitter.com/TechBrandon)
[推推搡搡:探索 SCCM 客户端推送账户的攻击面](https://www.hub.trimarcsecurity.com/post/push-comes-to-shove-exploring-the-attack-surface-of-sccm-client-push-accounts)
[推推搡搡:绕过 SCCM 客户端推送账户的 Kerberos 身份验证](https://www.hub.trimarcsecurity.com/post/push-comes-to-shove-bypassing-kerberos-authentication-of-sccm-client-push-accounts)
[@Raiona_ZA](https://twitter.com/Raiona_ZA)
[识别并从 SCCM/MECM 任务序列中检索凭据](https://www.mwrcybersec.com/research_items/identifying-and-retrieving-credentials-from-sccm-mecm-task-sequences)
[@\_xpn\_](https://twitter.com/_xpn_)
[通过去混淆网络访问账户来探索 SCCM](https://blog.xpnsec.com/unobfuscating-network-access-accounts/)
[@subat0mik](https://twitter.com/subat0mik)
[SCCM 的幽灵凭据:为何 NAA 不会消亡](https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9)
[@HackingDave](https://twitter.com/HackingDave)
[攻陷一个即可统领全局](https://www.youtube.com/watch?v=Mz9Bg9KAKBs)
[@\_mayyhem](https://twitter.com/_Mayyhem)
[强制 SCCM 进行 NTLM 身份验证](https://posts.specterops.io/coercing-ntlm-authentication-from-sccm-e6e23ea8260a)
[通过自动客户端推送安装实现 SCCM 站点接管](https://posts.specterops.io/sccm-site-takeover-via-automatic-client-push-installation-f567ec80d5b1)
[@TechBrandon](https://twitter.com/TechBrandon)
[推推搡搡:探索 SCCM 客户端推送账户的攻击面](https://www.hub.trimarcsecurity.com/post/push-comes-to-shove-exploring-the-attack-surface-of-sccm-client-push-accounts)
[推推搡搡:绕过 SCCM 客户端推送账户的 Kerberos 身份验证](https://www.hub.trimarcsecurity.com/post/push-comes-to-shove-bypassing-kerberos-authentication-of-sccm-client-push-accounts)
[@Raiona_ZA](https://twitter.com/Raiona_ZA)
[识别并从 SCCM/MECM 任务序列中检索凭据](https://www.mwrcybersec.com/research_items/identifying-and-retrieving-credentials-from-sccm-mecm-task-sequences)
[@\_xpn\_](https://twitter.com/_xpn_)
[通过去混淆网络访问账户来探索 SCCM](https://blog.xpnsec.com/unobfuscating-network-access-accounts/)
[@subat0mik](https://twitter.com/subat0mik)
[SCCM 的幽灵凭据:为何 NAA 不会消亡](https://posts.specterops.io/the-phantom-credentials-of-sccm-why-the-naa-wont-die-332ac7aa1ab9)
[@HackingDave](https://twitter.com/HackingDave)
[攻陷一个即可统领全局](https://www.youtube.com/watch?v=Mz9Bg9KAKBs)
标签:Active Directory, BlackHat Arsenal, HTTP/HTTPS抓包, Modbus, PE 加载器, Plaso, Python, SCCM, System Center Configuration Manager, Web报告查看器, 企业安全, 协议分析, 域渗透, 态势感知, 插件系统, 无后门, 权限提升, 横向移动, 活动目录, 电子数据取证, 编程规范, 网络安全, 网络资产管理, 逆向工具, 隐私保护