sccmhunter is a well known tool to perform several attacks, I wanted to add to this tool another technique which consist in coercing the client push installation service account by sending specific DDR payloads to the management point. The technique was described in another well known tool: SharpSCCM but only working on a windows OS connected on the AD.
After doing some digging on how it works, essentially by analysing wireshark captures of those HTTP DDR requests, I have implemented remotely working python code for this attack through the sccmhunter code base.
@garrettfoster13 has accepted my PR #93, code is now available on the official repo.