Azure Dominance Paths
https://cloudbrothers.info/en/azure-dominance-paths/
#azure
#cloud
#AD
@NetPentesters
Azure Attack Paths
Creating and maintaining a secure environment is hard. And with every technology or product added to your environment it gets more complicated. Microsoft Azure as a cloud environment is no exception to this rule and with the many services and features that…
All MITM attacks in one place :
https://github.com/frostbits-security/MITM-cheatsheet
#MITM
#Cheatsheet
@NetPentesters
Resources for Kubernetes network policies
https://github.com/networkpolicy/community
#policies
@NetPentesters
LDAP relays for initial foothold in dire situations
https://offsec.almond.consulting/ldap-relays-for-initial-foothold-in-dire-situations.html
#LDAP
@NetPentesters
Active Directory (Attack & Defense)
https://0xsp.com/offensive/active-directory-attack-defense
#AD
#Attack
#Defense
@NetPentesters
MITRE ATT&CK TTPs used by LAPSUS$
Two interesting techniques used by LAPSUS$ (Code Signing, Disable, and Modify Tools)
#MITRE
@NetPentesters
Vulnerable Active Directory
Create a vulnerable AD that will allow you to test most AD attacks in a local lab
Main characteristics:
- Random attacks
- Full coverage of the listed attacks
- It is necessary to run the script on a DC with Active Directory installed
- Some attacks require a client workstation
Supported attacks:
- Abuse of ACLs/ACEs
- Kerberoasting
- AS-REP Roasting
- Abuse of DnsAdmins
- Password in object description
- Custom objects with default password (Changeme123!)
- Password spraying
- DCSync
- Silver ticket
- Golden Ticket
- Pass-the-Hash
- Pass-the-Ticket
- SMB signing disabled
https://github.com/WazeHell/vulnerable-AD
#AD
#Lab
@NetPentesters
Azure Active Directory Exposes Internal Information
https://www.secureworks.com/research/azure-active-directory-exposes-internal-information
#Cloud
#Azure
#AD
@NetPentesters
A threat actor can gather a significant amount of OSINT from an Azure AD tenant. Microsoft addressed all but two of the issues CTU researchers identified.
Performing and Preventing Attacks on Azure Cloud Environments through Azure DevOps
https://labs.f-secure.com/blog/performing-and-preventing-attacks-on-azure-cloud-environments-through-azure-devops
#Cloud
#Azure
@NetPentesters
Active Directory Domain Service Bug Let Attackers To Takeover Windows Domains
https://gbhackers.com/active-directory-domain-service-bug/
#AD
@NetPentesters
The AD bug was detected recently by Andrew Bartlett of Catalyst IT; the two security flaws allow attackers to take over Windows domains.
A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls.
https://github.com/ekzhang/bore
#Bypass
#NAT
#Firewall
@NetPentesters
Pentesting Azure: Recon Techniques
https://securitycafe.ro/2022/04/29/pentesting-azure-recon-techniques
#Cloud
#Azure
#recon
#techniques
@NetPentesters
Even though Microsoft Azure is the second largest cloud solution after Amazon Web Services (AWS) from a market share perspective, it should be noted that approximately 95% of Forbes 500 companies use it.
In what fields do you work? Or are you learning it?
Anonymous poll (results sum to more than 100%, so multiple answers were allowed):
- 59% Network Penetration Testing
- 37% Web Penetration Testing
- 21% Mobile Penetration Testing
- 16% Pwn
- 25% Malware Analysis
- 20% Reverse Engineering
- 38% OSINT
- 20% Other
AWS Targeted by a Package Backfill Attack
https://www.whitesourcesoftware.com/resources/blog/aws-targeted-by-a-package-backfill-attack/
@NetPentesters
Pybatfish - Python Client For Batfish (Network Configuration Analysis Tool)
http://www.kitploit.com/2022/05/pybatfish-python-client-for-batfish.html
#tools
#Analysis
@NetPentesters
NTLMRelay2Self
Escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself, then forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPS, either to set shadow credentials or to configure RBCD.
#LDAP
#privesc
#relay
#webdav
#lpe
https://github.com/med0x2e/NTLMRelay2Self
@NetPentesters
RCE in BIG-IP iControl REST (CVE-2022-1388)
This vulnerability could allow an unauthenticated attacker with network access to a BIG-IP system to execute arbitrary system commands, create or delete files, or disable services (CVE-2022-1388).
Dork for Shodan:
http.script:"BIG-IP®-+Redirect" +"Server"
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP
#web
#cve
#rce
@NetPentesters
ICMP-TransferTools is a set of scripts designed to move files to and from Windows hosts in restricted network environments.
https://github.com/icyguider/ICMP-TransferTools
#icmp
#file
#transfer
#bypass
#firewall
@NetPentesters