A Python wrapper to run a command against all users/computers/DCs of a Windows domain
https://github.com/p0dalirius/TargetAllDomainObjects
#DC
@NetPentesters
PcapXray
A network forensics tool to visualize a packet capture offline as a network diagram, including device identification, highlighting of important communication, and file extraction
https://github.com/Srinivas11789/PcapXray
#Forensic
#tools
@NetPentesters
AD denoscription password finder
The purpose of this tool is to check if passwords are stored in clear text in the denoscription of Active Directory accounts.
https://github.com/AssuranceMaladieSec/AD-denoscription-password-finder
#ad
@NetPentesters
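What such a finder actually does, as an added Python example that is not the AssuranceMaladieSec tool's own code: the LDAP filter a real run would need, a keyword regex run over a constructed set of user entries, and the hits a reviewer wants to see. The sample entries and the keyword list are assumptions. In a real run the entries come from an LDAP search, and any authenticated domain user can read `description` by default, which is why this is worth checking at all.

```python
import re

# LDAP filter a real run would use: user accounts that carry a description at all.
LDAP_FILTER = "(&(objectCategory=person)(objectClass=user)(description=*))"
ATTRIBUTES = ["sAMAccountName", "description"]

# Constructed sample entries standing in for LDAP search results. Not real data.
SAMPLE_USERS = [
    {"sAMAccountName": "svc_backup", "description": "Backup service account, pwd: Summer2022!"},
    {"sAMAccountName": "jdoe",       "description": "Finance department, ext. 4412"},
    {"sAMAccountName": "svc_sql",    "description": "Password = Sql#Adm1n (temporary, change later)"},
    {"sAMAccountName": "printsvc",   "description": "mdp: Imprimante01"},   # French 'mot de passe'
    {"sAMAccountName": "hr_shared",  "description": ""},
    {"sAMAccountName": "kiosk",      "description": "Passes through proxy, no local rights"},
]

# Keyword list is an assumption (English + French); the tool's own list may differ.
# Captures the keyword and the token that follows an optional ':' or '='.
PASSWORD_RE = re.compile(
    r"\b(password|passwd|pwd|pass|mdp|mot de passe)\b\s*[:=]?\s*(\S+)",
    re.IGNORECASE,
)

def find_password_descriptions(users):
    """Return one hit per account whose description looks like it carries a password."""
    hits = []
    for user in users:
        desc = user.get("description") or ""
        m = PASSWORD_RE.search(desc)
        if not m:
            continue
        hits.append({
            "sAMAccountName": user["sAMAccountName"],
            "keyword": m.group(1),
            "candidate": m.group(2),
            "description": desc,
        })
    return hits

if __name__ == "__main__":
    for h in find_password_descriptions(SAMPLE_USERS):
        print(f'{h["sAMAccountName"]:<12} {h["keyword"]:<9} -> {h["candidate"]}')
```

The word boundary matters: "Passes through proxy" must not trigger on "pass", and the candidate token is only a hint for a human to look at, never something to act on automatically.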
Find vulnerabilities in AD Group Policy, but do it better than Grouper2 did.
https://github.com/Group3r/Group3r
#AD
@NetPentesters
Previously, Microsoft announced that macros would be disabled by default in Office products to improve user security.
Today, Microsoft announced that it has reversed this decision: macros will be enabled by default again.
@NetPentesters
[ Kerberoast implemented in a VBA macro ]
Retrieves SPNs via #LDAP queries, then requests a TGS ticket with the RC4 etype for each one.
The ticket is exported in kirbi format (as mimikatz does).
tool:
https://github.com/Adepts-Of-0xCC/VBA-macro-experiments/blob/main/kerberoast.vba
article:
https://adepts.of0x.cc/kerberoast-vba-macro/
#vba #kerberoast
@NetPentesters
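The RC4 (etype 0x17) service ticket request is also the defender's handle on this. As an added example that is not code from the Adepts of 0xCC post, the following Python triages constructed Windows event 4769 records ("A Kerberos service ticket was requested") and reports accounts that obtained RC4 tickets for several distinct user-account SPNs, which is exactly what one run of the macro above produces. The event set, field names and the threshold are assumptions.

```python
from collections import defaultdict

RC4_HMAC = "0x17"   # "Ticket Encryption Type" value for RC4-HMAC in event 4769 (AES256 is 0x12)

# Constructed 4769 records, reduced to the fields the detection needs. Not real log data.
EVENTS = [
    {"TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_sql",    "TicketEncryptionType": "0x17", "Status": "0x0",  "IpAddress": "10.0.0.15"},
    {"TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_web",    "TicketEncryptionType": "0x17", "Status": "0x0",  "IpAddress": "10.0.0.15"},
    {"TargetUserName": "alice@CORP.LOCAL", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17", "Status": "0x0",  "IpAddress": "10.0.0.15"},
    {"TargetUserName": "alice@CORP.LOCAL", "ServiceName": "WS01$",      "TicketEncryptionType": "0x17", "Status": "0x0",  "IpAddress": "10.0.0.15"},  # machine account
    {"TargetUserName": "bob@CORP.LOCAL",   "ServiceName": "svc_sql",    "TicketEncryptionType": "0x12", "Status": "0x0",  "IpAddress": "10.0.0.22"},  # AES, normal use
    {"TargetUserName": "bob@CORP.LOCAL",   "ServiceName": "krbtgt",     "TicketEncryptionType": "0x17", "Status": "0x0",  "IpAddress": "10.0.0.22"},
    {"TargetUserName": "carol@CORP.LOCAL", "ServiceName": "svc_web",    "TicketEncryptionType": "0x17", "Status": "0x1b", "IpAddress": "10.0.0.30"},  # failed request
]

def is_roastable_request(ev):
    """RC4 service ticket successfully issued for a user (non-machine, non-krbtgt) SPN."""
    svc = ev["ServiceName"]
    return (ev["TicketEncryptionType"].lower() == RC4_HMAC
            and ev["Status"] == "0x0"
            and not svc.endswith("$")
            and svc.lower() != "krbtgt")

def kerberoast_candidates(events, min_services=2):
    """Map requester -> sorted SPN accounts, for requesters that pulled RC4 tickets
    for at least min_services distinct user accounts."""
    per_user = defaultdict(set)
    for ev in events:
        if is_roastable_request(ev):
            per_user[ev["TargetUserName"]].add(ev["ServiceName"])
    return {user: sorted(svcs) for user, svcs in per_user.items() if len(svcs) >= min_services}

if __name__ == "__main__":
    for user, svcs in kerberoast_candidates(EVENTS).items():
        print(f"{user}: RC4 TGS for {len(svcs)} accounts: {', '.join(svcs)}")
```

A single RC4 request is noise in most estates (legacy hosts still ask for it), so the filter drops machine accounts and krbtgt and requires a spread across several user SPNs from one requester. Because the macro runs inside the Office process, the IpAddress field will be a workstation rather than a server, which is a useful second pivot.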
Code Signing Certificate Cloning Attack
A PowerShell script that signs an input executable with a fake Microsoft code-signing certificate, to demonstrate the risk of cloned-certificate signing attacks.
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/Self-Signed%20Threat
Research:
https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec
@NetPentesters
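Why trusting a signer by name fails, as an added Python example using the `cryptography` package (this is neither mgeeky's script nor code from the SpecterOps post). It builds a private root CA standing in for a trusted root, a legitimate leaf issued by it, and a cloned leaf that copies the subject and issuer names but is signed with a key only the attacker holds. A name check accepts both; a signature check against the trusted root accepts only the real one. The CA name, the leaf name and the keys are generated on the spot and are assumptions.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def _rsa_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def _cert(subject, issuer, public_key, signing_key, is_ca):
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(signing_key, hashes.SHA256())
    )

def common_name(cert):
    return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value

def trusted_by_name(cert, expected_cn):
    """The weak check: trust whatever calls itself expected_cn."""
    return common_name(cert) == expected_cn

def trusted_by_signature(cert, trusted_roots):
    """The right check: issuer name must match a trusted root AND that root's key
    must verify the certificate's signature over its TBS bytes."""
    for root in trusted_roots:
        if cert.issuer != root.subject:
            continue
        try:
            root.public_key().verify(
                cert.signature, cert.tbs_certificate_bytes,
                padding.PKCS1v15(), cert.signature_hash_algorithm,
            )
            return True
        except InvalidSignature:
            continue
    return False

def build_scenario():
    """Returns (trusted_root, legitimate_leaf, cloned_leaf). All names are made up."""
    root_key = _rsa_key()
    root_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Contoso Root CA")])
    root = _cert(root_name, root_name, root_key.public_key(), root_key, is_ca=True)

    leaf_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Microsoft Corporation")])
    legit_key = _rsa_key()
    legit = _cert(leaf_name, root_name, legit_key.public_key(), root_key, is_ca=False)

    # Cloned: identical subject and issuer strings, signed with the attacker's own key.
    attacker_key = _rsa_key()
    cloned = _cert(leaf_name, root_name, attacker_key.public_key(), attacker_key, is_ca=False)
    return root, legit, cloned

if __name__ == "__main__":
    root, legit, cloned = build_scenario()
    for label, cert in (("legit", legit), ("cloned", cloned)):
        print(f"{label:<7} name check: {trusted_by_name(cert, 'Microsoft Corporation')}  "
              f"signature check: {trusted_by_signature(cert, [root])}")
```

A cloned chain only validates on a host where the attacker's fake root has been imported into a trusted store, so the thing to hunt for is the imported root, not the leaf; tooling that merely compares the signer's name, as many allow-lists do, is fooled either way.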
PywerView
Remotely interacts with an LDAP server. Also includes a mini interactive console with auto-completion.
Alternative to the original PowerView script. Most of the modules in PowerView are available in this project (some of the flags have changed).
Interesting features:
▫️ Embedded user session
▫️ Mini PywerView console, so it feels like using PowerView in PowerShell
▫️ Auto-completer, so no more memorizing commands
▫️ Cross-domain interactions (may or may not work). Maybe more?
https://github.com/aniqfakhrul/PywerView
#ad
@NetPentesters
#sysmon #evasion
[ SysmonQuiet reflective DLL ]
Automatically locates the Sysmon process and patches its EtwEventWrite API,
so Sysmon stops emitting events while the process and its threads keep running.
(requires SeDebugPrivilege)
https://github.com/ScriptIdiot/SysmonQuiet
@NetPentesters
vsctool
Implements PowerShell functions for interacting with Volume Shadow Copies; the available functions are explained in more detail in the README.
https://github.com/cfalta/vsctool
#ad
@NetPentesters
BrokenSMTP
Small Python script to look for common #vulnerabilities on an #SMTP server.
Supported checks:
▫️ Spoofing - the ability to send an email impersonating another user.
▫️ User enumeration - whether users can be enumerated with the SMTP VRFY command.
https://github.com/mrlew1s/BrokenSMTP
@NetPentesters
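VRFY enumeration is simple enough to show end to end. As an added Python example that is not BrokenSMTP's own code, here is a minimal fake SMTP responder that answers EHLO and VRFY the way a loose and a hardened server would, and a client that tells them apart: 250 means the mailbox exists, 550 that it does not, and 252 means VRFY has been neutralised and every later answer is meaningless. The mailbox list, hostname and banner are constructed.

```python
import smtplib
import socket
import threading

KNOWN_USERS = {"alice", "bob", "postmaster"}   # constructed mailbox list

def _handle(conn, vrfy_enabled):
    """Just enough of RFC 5321 to talk to smtplib: greeting, EHLO, VRFY, QUIT."""
    with conn:
        conn.sendall(b"220 mail.example.test ESMTP\r\n")
        buf = b""
        while True:
            data = conn.recv(1024)
            if not data:
                return
            buf += data
            while b"\r\n" in buf:
                line, buf = buf.split(b"\r\n", 1)
                verb, _, arg = line.decode(errors="replace").partition(" ")
                verb, arg = verb.upper(), arg.strip()
                if verb in ("HELO", "EHLO"):
                    conn.sendall(b"250 mail.example.test\r\n")
                elif verb == "VRFY" and not vrfy_enabled:
                    # Hardened answer: neither confirms nor denies the mailbox.
                    conn.sendall(b"252 Cannot VRFY user, but will accept message and attempt delivery\r\n")
                elif verb == "VRFY" and arg.lower() in KNOWN_USERS:
                    conn.sendall(f"250 {arg} <{arg}@example.test>\r\n".encode())
                elif verb == "VRFY":
                    conn.sendall(b"550 5.1.1 User unknown\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 Bye\r\n")
                    return
                else:
                    conn.sendall(b"502 Command not implemented\r\n")

def start_fake_smtp(vrfy_enabled=True):
    """Listen on 127.0.0.1 at an ephemeral port; returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listening socket closed
                return
            threading.Thread(target=_handle, args=(conn, vrfy_enabled), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def enumerate_users(host, port, candidates):
    """Probe VRFY with an impossible name first; a 252 there means the command is
    neutralised and there is nothing to enumerate."""
    with smtplib.SMTP(host, port, local_hostname="probe.local", timeout=5) as smtp:
        smtp.ehlo()
        code, _ = smtp.verify("zz_no_such_user_7f3a")
        if code == 252:
            return {"vrfy_usable": False, "valid": [], "invalid": []}
        valid, invalid = [], []
        for user in candidates:
            code, _ = smtp.verify(user)
            (valid if code == 250 else invalid).append(user)
        return {"vrfy_usable": True, "valid": valid, "invalid": invalid}

if __name__ == "__main__":
    for enabled in (True, False):
        srv, port = start_fake_smtp(vrfy_enabled=enabled)
        print(f"VRFY enabled={enabled}:", enumerate_users("127.0.0.1", port, ["alice", "mallory", "bob"]))
        srv.close()
```

On a real target also try EXPN and RCPT TO: many MTAs that refuse VRFY still reject unknown recipients at RCPT time with a distinguishable code, so disabling VRFY alone does not close the enumeration.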
Vulnerability scanner: 15000+ PoCs; 20 kinds of application password cracking; 7000+ web fingerprints; 146 protocols and 90000+ port-scanning rules; fuzzing, HW, awesome BugBounty...
https://github.com/hktalent/scan4all
@NetPentesters
RIPPL
RIPPL is a tool that abuses a user-mode-only exploit to manipulate PPL processes on Windows.
https://github.com/last-byte/RIPPL
#ad
#ppl
#lsass
#tools
@NetPentesters
Azure_Workshop
#Azure #RedTeam Attack and Detect Workshop
This is a vulnerable-by-design Azure lab containing two attack paths with common misconfigurations. If you would like to see which alerts your attack path vectors raise, we recommend signing up for a Microsoft E5 trial, which includes Microsoft Defender for Cloud as well as the Azure AD Premium P2 plan. Links for signing up for an Azure developer account can be found in the resources.txt file.
Each kill chain has in its folder the Terraform script (and the other prerequisite files needed for deployment) as well as the solutions to the challenges.
https://github.com/mandiant/Azure_Workshop
@NetPentesters
Certipy 4.0: ESC9 & ESC10, BloodHound GUI, New Authentication and Request Methods — and more!
https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
#BloodHound
@NetPentesters
BloodHound-Tools
A collection of tools that integrate with BloodHound.
BloodHound is the de facto standard that both blue and red teams use to find lateral movement and privilege escalation paths that could be exploited inside an enterprise environment. A typical environment can yield millions of paths, representing almost endless opportunities for red teams to attack and a seemingly insurmountable number of attack vectors for blue teams to tackle.
However, a critical dimension that BloodHound ignores, namely network access, could hold the key to shutting down excessive lateral movement. This repository contains tools that integrate with BloodHound's database in order to reflect network access, for the benefit of both red and blue teams.
https://github.com/zeronetworks/BloodHound-Tools
Research:
https://zeronetworks.com/blog/adversary-resilience-via-least-privilege-networking-part-1/
#Bloodhound
@NetPentesters
Pingtunnel is a tool that sends TCP/UDP traffic over ICMP
https://github.com/esrrhs/pingtunnel
@NetPentesters
LDAP Monitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object.
https://github.com/p0dalirius/LDAPmonitor
#LDAP
@NetPentesters
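What "see if your attack changed LDAP attributes" amounts to in a poll-and-diff monitor, as an added Python example that is not LDAPmonitor's own code: two constructed snapshots of a small subtree keyed by DN are diffed into create/delete/change events, and a `uSNChanged` filter shows how a poller can ask the directory only for entries written since the last USN it saw instead of re-reading everything. The DNs, attributes and values are made up.

```python
import copy

# Constructed snapshot: {dn: {attribute: value}}. uSNChanged is what AD bumps on every write.
BEFORE = {
    "CN=alice,CN=Users,DC=corp,DC=local": {
        "uSNChanged": 10120, "userAccountControl": 512,
        "memberOf": ["CN=Staff,CN=Users,DC=corp,DC=local"], "servicePrincipalName": [],
    },
    "CN=svc_sql,CN=Users,DC=corp,DC=local": {
        "uSNChanged": 10050, "userAccountControl": 66048,
        "memberOf": [], "servicePrincipalName": ["MSSQLSvc/sql01.corp.local:1433"],
    },
    "CN=tmp_user,CN=Users,DC=corp,DC=local": {
        "uSNChanged": 9900, "userAccountControl": 512, "memberOf": [], "servicePrincipalName": [],
    },
}

AFTER = copy.deepcopy(BEFORE)
# Targeted-Kerberoast style write: an SPN appears on a plain user account.
AFTER["CN=alice,CN=Users,DC=corp,DC=local"]["servicePrincipalName"] = ["HTTP/fake.corp.local"]
AFTER["CN=alice,CN=Users,DC=corp,DC=local"]["uSNChanged"] = 10201
# Group membership added to a service account.
AFTER["CN=svc_sql,CN=Users,DC=corp,DC=local"]["memberOf"] = ["CN=Domain Admins,CN=Users,DC=corp,DC=local"]
AFTER["CN=svc_sql,CN=Users,DC=corp,DC=local"]["uSNChanged"] = 10202
# One account removed, one created.
del AFTER["CN=tmp_user,CN=Users,DC=corp,DC=local"]
AFTER["CN=backup2,CN=Users,DC=corp,DC=local"] = {
    "uSNChanged": 10203, "userAccountControl": 512, "memberOf": [], "servicePrincipalName": [],
}

def diff_snapshots(before, after):
    """Return {'op','dn','attr','old','new'} records for every created/deleted object
    and every changed attribute, in DN order."""
    events = []
    for dn in sorted(set(before) | set(after)):
        if dn not in before:
            events.append({"op": "created", "dn": dn, "attr": None, "old": None, "new": after[dn]})
        elif dn not in after:
            events.append({"op": "deleted", "dn": dn, "attr": None, "old": before[dn], "new": None})
        else:
            for attr in sorted(set(before[dn]) | set(after[dn])):
                old, new = before[dn].get(attr), after[dn].get(attr)
                if old != new and attr != "uSNChanged":   # the USN moving is not itself news
                    events.append({"op": "changed", "dn": dn, "attr": attr, "old": old, "new": new})
    return events

def changed_since(snapshot, last_usn):
    """The DNs a poller would get back from (uSNChanged>=last_usn+1) instead of the whole tree."""
    return sorted(dn for dn, attrs in snapshot.items() if attrs["uSNChanged"] > last_usn)

if __name__ == "__main__":
    for ev in diff_snapshots(BEFORE, AFTER):
        detail = "" if ev["attr"] is None else f"{ev['attr']}: {ev['old']} -> {ev['new']}"
        print(ev["op"], ev["dn"], detail)
    print("re-read only:", changed_since(AFTER, max(a["uSNChanged"] for a in BEFORE.values())))
```

Deleted objects never appear in a USN-filtered search of live entries, so a monitor still needs the full DN set (or the Deleted Objects container) to report deletions, which is why the diff above keeps both sides' keys.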
CVE-2022-30216:
Server Service Authentication Coerce Vulnerability (Windows 11 / Server 2022)
https://github.com/akamai/akamai-security-research/tree/main/cve-2022-30216
#Vulnerability
#Exploit
@NetPentesters