From 9b54aec728fa2511b22f574d0fe568fc9f082940 Mon Sep 17 00:00:00 2001 From: Kevin Robertson Date: Thu, 29 Aug 2019 10:59:08 -0400 Subject: Added Invoke-AgentSmith function Added the Invoke-AgentSmith function for exceeding the MachineAccountQuota limit through transitive accounts. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 3632ad0..e5fdb97 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,12 @@ Here is a list of some of the usual write access enabled attributes: * Use the modified account with runas /netonly `runas /netonly /user:domain\test powershell` +### Invoke-AgentSmith + +This function leverages New-MachineAccount to recursively create as as many machine accounts as possible from a single unprivileged account through MachineAccountQuota. See the following blog post for details: + +* https://blog.netspi.com/machineaccountquota-transitive-quota + ## DNS Functions By default, authenticated users have the 'Create all child objects' permission on the Active Directory-Integrated DNS (ADIDNS) zone. Most records that do not currently exist in an AD zone can be added/deleted. -- cgit v1.2.3
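Review bot: The added Invoke-AgentSmith paragraph in README.md has a duplicated word, "recursively create as as many machine accounts as possible"; it should read "create as many machine accounts as possible". The section also documents the function only through the external blog link, while the section just above it carries an inline command (`runas /netonly /user:domain\test powershell`). Consider adding a short description of the parameters and of what the function leaves behind in the directory, so that someone running it in an authorized test can identify and remove the created machine accounts afterwards. The diffstat is limited to README.md, so the function itself is not visible here and the wording cannot be checked against its behaviour.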