Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
-
Updated
Nov 9, 2024 - Go
Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP)
Research on UDP/TCP amplification vectors, payloads and mitigations against their use in DDoS Attacks
CVE-2026-41089 PoC — Netlogon CLDAP stack buffer overflow (CVSS 9.8 CRITICAL)
CVE-2026-41089 checker: unauthenticated, non-destructive detection for the Netlogon CLDAP stack buffer overflow (CVSS 9.8). Reports whether a domain controller's domain is long enough to crash, without sending the overflow. The binary-verified analysis the public PoCs got wrong.
A amplification/reflector scanner with CIDR support. Used for finding vulnerable protocols on your network commonly used by attackers to launch DrDoS attacks.
Active Directory time discovery protocols for red teams. Stealthy extraction via Kerberos, SMB, NTLM, and CLDAP.
Add a description, image, and links to the cldap topic page so that developers can more easily learn about it.
To associate your repository with the cldap topic, visit your repo's landing page and select "manage topics."