Handy #BloodHound Cypher Queries
https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
https://gist.github.com/jeffmcjunkin/7b4a67bb7dd0cfbfbd83768f3aa6eb12
https://gist.github.com/seajaysec/c7f0995b5a6a2d30515accde8513f77d
@NetPentesters
This PoC copies a user-specified DLL to C:\Windows\System32\wow64log.dll and triggers the MicrosoftEdgeUpdate service by creating an instance of the Microsoft Edge Update Legacy On Demand COM object (A6B716CB-028B-404D-B72C-50E153DD68DA), which runs in SYSTEM context and will load wow64log.dll.
https://github.com/Wh04m1001/IDiagnosticProfileUAC
@NetPentesters
#AD #lab #vagrant
[ GOAD ]
Pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
@NetPentesters
Ad hoc collection of Red Teaming & Active Directory tooling. Use at your own risk.
https://github.com/expl0itabl3/Toolies
#redteam
#AD
@NetPentesters
ADFSRelay
This repository includes two utilities NTLMParse and #ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message.
Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service.
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS. We have also released a blog post discussing ADFS relaying attacks in more detail [1].
https://github.com/praetorian-inc/ADFSRelay
Relaying to #ADFS Attacks
https://www.praetorian.com/blog/relaying-to-adfs-attacks
@NetPentesters
RouterSpace | HackTheBox Walkthrough
This is a writeup for the retired machine RouterSpace from Hack The Box
Link: https://app.hackthebox.com/machines/444
#HTB #RouterSpace #writeups
@NetPentesters
ChopHound
Some scripts for dealing with any challenges that might arise when importing (large) JSON datasets into BloodHound.
https://github.com/bitsadmin/chophound
Blog post:
https://blog.bitsadmin.com/blog/dealing-with-large-bloodhound-datasets
#ad #bloodhound #cypher
@NetPentesters
AADInternals
AADInternals toolkit - PowerShell module containing tools for administering and hacking Azure AD / Office 365
https://github.com/Gerenios/AADInternals
Research:
http://o365blog.com/aadinternals
#ad #powershell #Azure
@NetPentesters
SharpWSUS
Today, we’re releasing a new tool called SharpWSUS. This is a continuation of existing WSUS attack tooling such as WSUSPendu and Thunder_Woosus. It brings their complete functionality to .NET, in a way that can be reliably and flexibly used through command and control (C2) channels, including through PoshC2.
https://github.com/nettitude/SharpWSUS
Research:
https://labs.nettitude.com/blog/introducing-sharpwsus/
#wsus
@NetPentesters
Active Directory Penetration Testing Checklist
https://gbhackers.com/active-directory-penetration-testing-checklist/
#AD
#checklist
#pentest
@NetPentesters
pinecone
WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box.
https://github.com/pinecone-wifi/pinecone
#wlan
#tools
@NetPentesters
Rubeus
Rubeus is a C# toolkit for Kerberos interaction and abuses. Kerberos, as we all know, is a ticket-based network authentication protocol and is used in Active Directories.
Unfortunately, due to human error, AD is often not configured with security in mind. Rubeus can exploit vulnerabilities arising out of these misconfigurations and perform functions such as crafting keys and granting access using forged certificates. The article serves as a guide on using Rubeus in various scenarios.
https://github.com/GhostPack/Rubeus
Research:
https://www.hackingarticles.in/a-detailed-guide-on-rubeus/
@NetPentesters
This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently, it supports RBCD, Constrained, Constrained w/Protocol Transition, and Unconstrained Delegation checks.
https://github.com/IcebreakerSecurity/DelegationBOF
#LDAP
@NetPentesters
The first step in a targeted attack – or a penetration test or red team activity – is gathering intelligence on the target. While there are ways and means to do this covertly, intelligence gathering usually starts with scraping information from public sources, collectively known as open source intelligence or OSINT. There is such a wealth of legally collectible OSINT available now thanks to social media and the prevalence of online activities that this may be all that is required to give an attacker everything they need to successfully profile an organization or individual.
In this channel, we’ll get you up to speed on what OSINT is all about and how you can learn to use OSINT tools to better understand your own digital footprint.
Join: @OsintBlackBox
Access Checking Active Directory
https://www.tiraniddo.dev/2022/07/access-checking-active-directory.html
#ad
@NetPentesters
BOF - RDPHijack
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / kerberos ticket (e.g., golden ticket) of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target server.
To enumerate sessions locally/remotely, you could use Quser-BOF.
https://github.com/netero1010/RDPHijack-BOF
@NetPentesters
A Python wrapper to run a command against all users/computers/DCs of a Windows domain
https://github.com/p0dalirius/TargetAllDomainObjects
#DC
@NetPentesters
PcapXray
A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
https://github.com/Srinivas11789/PcapXray
#Forensic
#tools
@NetPentesters
AD description password finder
The purpose of this tool is to check if passwords are stored in clear text in the description of Active Directory accounts.
https://github.com/AssuranceMaladieSec/AD-description-password-finder
#ad
@NetPentesters
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
https://github.com/Group3r/Group3r
#AD
@NetPentesters