From 237717cb0bd6e0fb4c145db155ebc1d3c3e31cff Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Fri, 6 Aug 2021 14:33:44 +0700
Subject: [PATCH] Add: GhostPack/ForgeCert to Privilege Escalation section

---
 Offensive.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Offensive.md b/Offensive.md
index 0f7e8ca..d812354 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -777,6 +777,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/eladshamir/Whisker">eladshamir/Whisker</a></td>
         <td>Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/GhostPack/ForgeCert">GhostPack/ForgeCert</a></td>
+        <td>ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/GoSecure/WSuspicious">GoSecure/WSuspicious</a></td>
         <td>WSuspicious - A tool to abuse insecure WSUS connections for privilege escalationsWSuspicious - A tool to abuse insecure WSUS connections for privilege escalations</td>