Vulnerable Active Directory
Create a vulnerable AD that will allow you to test most AD attacks in a local lab
Main characteristics:
- Random attacks
- Full coverage of the listed attacks
- it is necessary to run the noscript in DC with Active Directory installed
- Some attacks require a client workstation
Supported attacks:
- Abuse of ACLs/ACEs
- Kerberoasting
- AS-REP Roasting
- Abuse of DnsAdmins
- Password in object denoscription
- Custom objects with default password (Changeme123!)
- Password spraying
- DCSync
- Silver ticket
- Golden Ticket
- Pass-the-Hash
- Pass-the-Ticket
- SMB signing disabled
https://github.com/WazeHell/vulnerable-AD
#Ad
#Lab
@NetPentesters
Create a vulnerable AD that will allow you to test most AD attacks in a local lab
Main characteristics:
- Random attacks
- Full coverage of the listed attacks
- it is necessary to run the noscript in DC with Active Directory installed
- Some attacks require a client workstation
Supported attacks:
- Abuse of ACLs/ACEs
- Kerberoasting
- AS-REP Roasting
- Abuse of DnsAdmins
- Password in object denoscription
- Custom objects with default password (Changeme123!)
- Password spraying
- DCSync
- Silver ticket
- Golden Ticket
- Pass-the-Hash
- Pass-the-Ticket
- SMB signing disabled
https://github.com/WazeHell/vulnerable-AD
#Ad
#Lab
@NetPentesters
GitHub
GitHub - safebuffer/vulnerable-AD: Create a vulnerable active directory that's allowing you to test most of the active directory…
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab - GitHub - safebuffer/vulnerable-AD: Create a vulnerable active directo...
Azure Active Directory Exposes Internal Information
https://www.secureworks.com/research/azure-active-directory-exposes-internal-information
#Cloud
#Azure
#AD
@NetPentesters
https://www.secureworks.com/research/azure-active-directory-exposes-internal-information
#Cloud
#Azure
#AD
@NetPentesters
Sophos
Azure Active Directory Exposes Internal Information - Threat Analysis
A threat actor can gather a significant amount of OSINT from an Azure AD tenant. Microsoft addressed all but two of the issues CTU researchers identified..
Performing and Preventing Attacks on Azure Cloud Environments through Azure DevOps
https://labs.f-secure.com/blog/performing-and-preventing-attacks-on-azure-cloud-environments-through-azure-devops
#Cloud
#Azure
@NetPentesters
https://labs.f-secure.com/blog/performing-and-preventing-attacks-on-azure-cloud-environments-through-azure-devops
#Cloud
#Azure
@NetPentesters
Active Directory Domain Service Bug Let Attackers To Takeover Windows Domains
https://gbhackers.com/active-directory-domain-service-bug/
#AD
@NetPentesters
https://gbhackers.com/active-directory-domain-service-bug/
#AD
@NetPentesters
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Active Directory Domain Service Bug Let Attackers To Takeover Windows Domains
AD bug detected recently by Andrew Bartlett of Catalyst IT, and these two security flaws allow hackers to take over Windows domains
A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls.
https://github.com/ekzhang/bore
#Bypass
#NAT
#Firewall
@NetPentesters
https://github.com/ekzhang/bore
#Bypass
#NAT
#Firewall
@NetPentesters
GitHub
GitHub - ekzhang/bore: 🕳 bore is a simple CLI tool for making tunnels to localhost
🕳 bore is a simple CLI tool for making tunnels to localhost - ekzhang/bore
Pentesting Azure: Recon Techniques
https://securitycafe.ro/2022/04/29/pentesting-azure-recon-techniques
#Cloud
#Azure
#recon
#techniques
@NetPentesters
https://securitycafe.ro/2022/04/29/pentesting-azure-recon-techniques
#Cloud
#Azure
#recon
#techniques
@NetPentesters
Security Café
Pentesting Azure: RECON Techniques
Even though Microsoft Azure is the second largest cloud solution after Amazon Web Services (AWS) from a market share perspective, it should be noted that approximately 95% of Forbes 500 companies u…
In what fields do you work? Or are you learning it?
Anonymous Poll
59%
Network Penetration Testing
37%
Web Penetration Testing
21%
Mobile Penetration Testing
16%
Pwn
25%
Malware Analysis
20%
Reverse Engineering
38%
OSINT
20%
Other
AWS Targeted by a Package Backfill Attack
https://www.whitesourcesoftware.com/resources/blog/aws-targeted-by-a-package-backfill-attack/
@NetPentesters
https://www.whitesourcesoftware.com/resources/blog/aws-targeted-by-a-package-backfill-attack/
@NetPentesters
Mend.io
The Mend.io AppSec Blog
The latest news and insights on application security and securing the software supply chain. Read the Mend.io blog here.
Pybatfish - Python Client For Batfish (Network Configuration Analysis Tool)
http://www.kitploit.com/2022/05/pybatfish-python-client-for-batfish.html
#tools
#Analysis
@NetPentesters
http://www.kitploit.com/2022/05/pybatfish-python-client-for-batfish.html
#tools
#Analysis
@NetPentesters
Kitploit
Kitploit – Maintenance in Progress
Kitploit is temporarily under maintenance. We’ll be back shortly with improvements.
NTLMRelay2Self
Escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPs for either setting shadow credentials or configuring RBCD.
#LDAP
#privesc
#relay
#webdav
#lpe
https://github.com/med0x2e/NTLMRelay2Self
@NetPentesters
Escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured to relay to DC servers over LDAP/LDAPs for either setting shadow credentials or configuring RBCD.
#LDAP
#privesc
#relay
#webdav
#lpe
https://github.com/med0x2e/NTLMRelay2Self
@NetPentesters
GitHub
GitHub - med0x2e/NTLMRelay2Self: An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).
An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav). - med0x2e/NTLMRelay2Self
RCE in BIG-IP iControl REST (CVE-2022-1388)
This vulnerability could allow an unauthenticated attacker with network access to a BIG-IP system to execute arbitrary system commands, create or delete files, or disable services (CVE-2022-1388)
Dork for Shodan:
https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP
#web
#cve
#rce
@NetPentesters
This vulnerability could allow an unauthenticated attacker with network access to a BIG-IP system to execute arbitrary system commands, create or delete files, or disable services (CVE-2022-1388)
Dork for Shodan:
http.noscript:"BIG-IP®-+Redirect" +"Server"https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP
#web
#cve
#rce
@NetPentesters
GitHub
GitHub - sherlocksecurity/CVE-2022-1388-Exploit-POC: PoC for CVE-2022-1388_F5_BIG-IP
PoC for CVE-2022-1388_F5_BIG-IP. Contribute to sherlocksecurity/CVE-2022-1388-Exploit-POC development by creating an account on GitHub.
ICMP-TransferTools is a set of noscripts designed to move files to and from Windows hosts in restricted network environments.
https://github.com/icyguider/ICMP-TransferTools
#icmp
#file
#transfer
#bypass
#firewall
@NetPentesters
https://github.com/icyguider/ICMP-TransferTools
#icmp
#file
#transfer
#bypass
#firewall
@NetPentesters
GitHub
GitHub - icyguider/ICMP-TransferTools: Transfer files to and from a Windows host via ICMP in restricted network environments.
Transfer files to and from a Windows host via ICMP in restricted network environments. - icyguider/ICMP-TransferTools
PPID Spoofing & BlockDLLs with NtCreateUserProcess
https://offensivedefence.co.uk/posts/ntcreateuserprocess
@NetPentesters
https://offensivedefence.co.uk/posts/ntcreateuserprocess
@NetPentesters
offensivedefence.co.uk
PPID Spoofing & BlockDLLs with NtCreateUserProcess
This week, Capt. Meelo released a great blog post on how to call the NtCreateUserProcess API as a substitue for the typical Win32 CreateProcess API. This post will build upon Meelo’s, so I highly encourage you to read it first.
TL;DR, this code (not counting…
TL;DR, this code (not counting…
SearchMap Information Collection Tool
https://reconshell.com/searchmap-information-collection-tool/
@NetPentesters
https://reconshell.com/searchmap-information-collection-tool/
@NetPentesters
Transferring Files over ICMP in Restricted Network Environments
https://icyguider.github.io/2022/02/01/Transferring-Files-Over-ICMP.html
@NetPentesters
https://icyguider.github.io/2022/02/01/Transferring-Files-Over-ICMP.html
@NetPentesters
[ How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks ]
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
#ad
#acl
#ldap
#relay
@NetPentesters
https://www.praetorian.com/blog/how-to-exploit-active-directory-acl-attack-paths-through-ldap-relaying-attacks/
#ad
#acl
#ldap
#relay
@NetPentesters
Praetorian
How to Exploit Active Directory ACL Attack Paths Through LDAP Relaying Attacks
Overview This article describes methods by which an attacker can induce a victim user into authenticating using the NT Lan Manager (NTLM) Authentication Protocol to an attacker-controlled “Intranet” site, even in instances where that site points to an external…
Tool to scan user data with neural networks
Octopii is an AI based user information scanner that uses Tesseract's Optical Character Recognition (OCR) and MobileNet's Convolutional Neural Network (CNN) model.
Allows you to detect various forms of government IDs, passports, debit cards, driver's licenses, photographs, signatures, etc.
https://github.com/redhuntlabs/Octopii
#redteam #leak
@NetPentesters
Octopii is an AI based user information scanner that uses Tesseract's Optical Character Recognition (OCR) and MobileNet's Convolutional Neural Network (CNN) model.
Allows you to detect various forms of government IDs, passports, debit cards, driver's licenses, photographs, signatures, etc.
https://github.com/redhuntlabs/Octopii
#redteam #leak
@NetPentesters
GitHub
GitHub - redhuntlabs/Octopii: An AI-powered Personal Identifiable Information (PII) scanner.
An AI-powered Personal Identifiable Information (PII) scanner. - redhuntlabs/Octopii
Maximizing BloodHound with a simple suite of tools
[Maximizing BloodHound with a simple suite of tools]
A set of console utilities for working with Bloodhound. Retrieve/update objects, mark objects as Owned/High Value Targets, delete objects, match shattered passwords (hashcat) with users, execute raw DB query...
https://github.com/knavesec/Max
#AD
#bloodhound
@NetPentesters
[Maximizing BloodHound with a simple suite of tools]
A set of console utilities for working with Bloodhound. Retrieve/update objects, mark objects as Owned/High Value Targets, delete objects, match shattered passwords (hashcat) with users, execute raw DB query...
https://github.com/knavesec/Max
#AD
#bloodhound
@NetPentesters
GitHub
GitHub - knavesec/Max: Maximizing BloodHound. Max is a good boy.
Maximizing BloodHound. Max is a good boy. Contribute to knavesec/Max development by creating an account on GitHub.
SMB Session Spoofing: create a fake SMB Session
https://securityonline.info/smb-session-spoofing-create-a-fake-smb-session/
#SMB
#spoofing
@NetPentesters
https://securityonline.info/smb-session-spoofing-create-a-fake-smb-session/
#SMB
#spoofing
@NetPentesters
VLAN attacks toolkit
The author has nothing to do with those who will use this tool for personal purposes to destroy other people's computer networks. The tools are presented for training purposes to help engineers improve the security of their network.
https://github.com/necreas1ng/VLANPWN
#VLAN
@NetPentesters
The author has nothing to do with those who will use this tool for personal purposes to destroy other people's computer networks. The tools are presented for training purposes to help engineers improve the security of their network.
https://github.com/necreas1ng/VLANPWN
#VLAN
@NetPentesters