VLAN attacks toolkit

The author has nothing to do with those who will use this tool for personal purposes to destroy other people's computer networks. The tools are presented for training purposes to help engineers improve the security of their network.
https://github.com/necreas1ng/VLANPWN
#VLAN
@NetPentesters

​​Active-Directory-Purple-Teaming

This repository is aimed at sharing the cliff notes for performing Red Teaming of Active Directory System combined with Detection Engineering part of AD Attacks

https://github.com/MirHassanRiaz/Active-Directory-Purple-Teaming

#ad
@NetPentesters

Pentesting Active directory



#AD
@NetPentesters

CVE-2022-26937

Microsoft Windows Network File System NLM Portmap Stack Buffer Overflow

https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow

#exploit

@NetPentesters

​DNS_Tunneling

DNS Tunneling using powershell to download and execute a payload. Works in CLM.

https://github.com/Octoberfest7/DNS_Tunneling

@NetPentesters

​Cloud penetration testing

A curateinfrastrucd list of cloud pentesting resource, contains AWS, Azure, Google Cloud

https://github.com/kh4sh3i/cloud-penetration-testing
#Cloud
@NetPentesters

​Aced

Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator.

Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally which can then be parsed by pyldapsearch's companion tool BOFHound to ingest the collected data into BloodHound.

https://github.com/garrettfoster13/aced

#ad
#tools
@NetPentesters

MikroTik Cloud Hosted Router Universal Unpatchable Jailbreak

Universal "unpatchable" jailbreak for all MikroTik RouterOS versions:

1. Download Cloud Router VM image, boot it in your favourite hypervisor
2. Suspend / save to disk
3. Replace /nova/bin/login with /bin/sh in the saved memory image
4. Restore the running VM from the memory image

https://github.com/pedrib/PoC/blob/master/tools/mikrotik_jailbreak.py

#mikrotik
@NetPentesters

​CVE-2022-26937

Windows Network File System Crash PoC

https://github.com/omair2084/CVE-2022-26937

#cve
@NetPentesters

A tool to quickly scan subdomains

https://github.com/zidansec/subscan
#tools
@NetPentesters

This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently, it supports RBCD, Constrained, Constrained w/Protocol Transition, and Unconstrained Delegation checks.

Despite the name, I decided to add in a couple more features since the bulk of the code was already there. So now there is a get-spns command as well which can look for ASREP accounts or Kerberoastable SPNs.

https://github.com/IcebreakerSecurity/DelegationBOF


#tools
@NetPentesters

#pentest #bugbounty #recon
A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more

https://github.com/edoardottt/awesome-hacker-search-engines

@DK_HBB2

​Garud

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

https://github.com/R0X4R/Garud

@NetPentesters

Finding all things on-prem Microsoft for password spraying and enumeration.

The tool will used a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below:

https://github.com/puzzlepeaches/msprobe

@NetPentesters

Handy #BloodHound Cypher Queries

https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md

https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/

https://gist.github.com/jeffmcjunkin/7b4a67bb7dd0cfbfbd83768f3aa6eb12

https://gist.github.com/seajaysec/c7f0995b5a6a2d30515accde8513f77d

@NetPentesters

This PoC copy user specified dll to C:\Windows\System32\wow64log.dll and trigger MicrosoftEdgeUpdate service by creating instance of Microsoft Edge Update Legacy On Demand COM object (A6B716CB-028B-404D-B72C-50E153DD68DA) which run in SYSTEM context and will load wow64log.dll

https://github.com/Wh04m1001/IDiagnosticProfileUAC

@NetPentesters

#AD #lab #vagrant

[ GOAD ]
pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environement ready to use to practice usual attack techniques.

https://github.com/Orange-Cyberdefense/GOAD

@NetPentesters

Ad hoc collection of Red Teaming & Active Directory tooling. Use at your own risk.

https://github.com/expl0itabl3/Toolies

#redteam
#AD
@NetPentesters

​​ADFSRelay

This repository includes two utilities NTLMParse and #ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message.

Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service.

This utility can be leveraged to perform NTLM relaying attacks targeting ADFS. We have also released a blog post discussing ADFS relaying attacks in more detail [1].

https://github.com/praetorian-inc/ADFSRelay

Relaying to #ADFS Attacks
https://www.praetorian.com/blog/relaying-to-adfs-attacks


@NetPentesters