Attacks on Azure AD and M365:
Pawning the cloud, PTA Skeleton Keys and more
https://www.inversecos.com/2021/10/attacks-on-azure-ad-and-m365-pawning.html
#Attack
#Azure
#Ad
#Cloud
#Microsoft
@NetPentesters
Appendix: Overview of Microsoft Identity Security Monitoring
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/IdentitySecurityMonitoring.md
#Azure
#ad
@NetPentesters
ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
https://github.com/bhdresh/CVE-2021-33766
#exchange
#bypass
@NetPentesters
Pre-Auth SSRF To Full MailBox Access
(Microsoft Exchange Server Exploit)
https://vanshal.medium.com/pre-auth-ssrf-to-full-mailbox-access-microsoft-exchange-server-exploit-a62c8ac04b47
#SSRF
#Microsoft
#exchange
@NetPentesters
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#python
#Ad
@NetPentesters
Azure Privilege Escalation via Service Principal Abuse
https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
#Azure
#privilege
@NetPentesters
Offensive WMI:
Part 1 - Basics
https://0xinfection.github.io/posts/wmi-basics-part-1
Part 2 - Exploring Namespaces, Classes & Methods
https://0xinfection.github.io/posts/wmi-classes-methods-part-2
Part 3 - Interacting with Windows Registry
https://0xinfection.github.io/posts/wmi-registry-part-3
#WMI
@NetPentesters
Offensive WMI: Reconnaissance & Enumeration
https://0xinfection.github.io/posts/wmi-recon-enum
#WMI
#Enumeration
#Reconnaissance
@NetPentesters
Active Directory Enumeration
https://0xinfection.github.io/posts/wmi-ad-enum
#AD
#Enumeration
#Microsoft
@NetPentesters
MITRE ATT&CK Matrix, ver. 10.0:
More Objects, Parity, and Features
https://attack.mitre.org/resources/updates/updates-october-2021
]-> https://github.com/mitre/cti/releases/tag/ATT%26CK-v10.0
#MITRE
#attack
@NetPentesters
Attacking & Securing Active Directory
https://rmusser.net/docs/Active_Directory.html
#AD
#Pentest
#attack
@NetPentesters
Attacking Azure/Azure AD
https://hausec.com/2021/10/26/attacking-azure-azure-ad-part-ii
#cloud
#Ad
#azure
@NetPentesters
hausec
Attacking Azure & Azure AD, Part II
Abstract When I published my first article, Attacking Azure & Azure AD and Introducing PowerZure, I had no idea I was just striking the tip of the iceberg. Over the past eight months, my co-wor…
Full-featured C2 framework which silently persists
on webserver with a single-line PHP backdoor
https://github.com/nil0x42/phpsploit
#C2
#backdoor
@NetPentesters
Best of OSCP CTF Cheat Sheet.
https://github.com/Ignitetechnologies/Privilege-Escalation
https://github.com/Ignitetechnologies/HackTheBox-CTF-Writeups
https://github.com/Ignitetechnologies/Vulnhub-CTF-Writeups
https://github.com/Ignitetechnologies/TryHackMe-CTF-Writeups
#CTF #OSCP #Cheatsheet
This cheatsheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples. - Ignitetechnologies/Privilege-Escalation
Windows & Active Directory Exploitation Cheat Sheet
and Command Reference
https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference
#AD
#pentest
@NetPentesters
Cas van Cooten
Windows & Active Directory Exploitation Cheat Sheet and Command Reference
Last update: November 3rd, 2021
Updated November 3rd, 2021: Included several fixes and actualized some techniques. Changes made to the Defender evasion, RBCD, Domain Enumeration, Rubeus, and Mimikatz sections. Fixed some whoopsies as well 🙃.
Updated June…
Microsoft Exchange vulnerabilities exploited once again
for ransomware, this time with Babuk
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html?m=1
#Malware
#exchange
#microsoft
@NetPentesters
AD Enum - a pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos
https://github.com/SecuProject/ADenum
Python implementation for Active Directory certificate abuse
https://github.com/ly4k/Certipy
@NetPentesters
Practical HTTP Header Smuggling:
Sneaking Past Reverse Proxies to Attack AWS
https://www.intruder.io/research/practical-http-header-smuggling
ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough
https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-vulnerability-walkthrough
#Cloud
#azure
#Vulnerability
@NetPentesters
www.intruder.io
Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
Modern web applications typically rely on chains of multiple servers, which forward HTTP requests to one another. The attack surface created by this forwarding is increasingly receiving more attention, including the recent popularisation of cache poisoning...