+ Anonymously bruteforce AD usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP)
https://github.com/lkarlslund/ldapnomnom
+ Relaying YubiKeys
https://cube0x0.github.io/Relaying-YubiKeys
+ Stealing Access Tokens From Office Desktop Applications
https://mrd0x.com/stealing-tokens-from-office-applications
#Ad
#redteam
@NetPentesters
https://github.com/lkarlslund/ldapnomnom
+ Relaying YubiKeys
https://cube0x0.github.io/Relaying-YubiKeys
+ Stealing Access Tokens From Office Desktop Applications
https://mrd0x.com/stealing-tokens-from-office-applications
#Ad
#redteam
@NetPentesters
GitHub
GitHub - lkarlslund/ldapnomnom: Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers…
Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (cLDAP) - lkarlslund/ldapnomnom
Forwarded from Red Blue Team
#Red_Team
1. Kerberoast attack "pure python"
https://github.com/skelsec/kerberoast
2. A Guide to DNS Takeovers
https://blog.projectdiscovery.io/guide-to-dns-takeovers
3. Maquerade any legitimate Windows binary by changing some fields in the PEB structure
https://github.com/D1rkMtr/MasqueradingPEB
@BlueRedTeam
1. Kerberoast attack "pure python"
https://github.com/skelsec/kerberoast
2. A Guide to DNS Takeovers
https://blog.projectdiscovery.io/guide-to-dns-takeovers
3. Maquerade any legitimate Windows binary by changing some fields in the PEB structure
https://github.com/D1rkMtr/MasqueradingPEB
@BlueRedTeam
GitHub
GitHub - skelsec/kerberoast: Kerberoast attack -pure python-
Kerberoast attack -pure python-. Contribute to skelsec/kerberoast development by creating an account on GitHub.
ADDS_Tool
Active Directory Domain Services Tool.
Windows Command shell program that is a wrapper for ADDS toolset: - DSQUERY - DSGET - DSADD - DSMOD - DSMOVE
Features:
▫️ Main Menu
▫️ Settings Menu
▫️ Logs
▫️ Search Universal
▫️ Search User
▫️ Search Group
▫️ Search Computer
▫️ Search Server
▫️ Search OU
https://github.com/DavidGeeraerts/ADDS_Tool
#ad
#tools
@NetPentesters
Active Directory Domain Services Tool.
Windows Command shell program that is a wrapper for ADDS toolset: - DSQUERY - DSGET - DSADD - DSMOD - DSMOVE
Features:
▫️ Main Menu
▫️ Settings Menu
▫️ Logs
▫️ Search Universal
▫️ Search User
▫️ Search Group
▫️ Search Computer
▫️ Search Server
▫️ Search OU
https://github.com/DavidGeeraerts/ADDS_Tool
#ad
#tools
@NetPentesters
GitHub
GitHub - DavidGeeraerts/ADDS_Tool: ADDS (Active Directory Domain Services)
ADDS (Active Directory Domain Services). Contribute to DavidGeeraerts/ADDS_Tool development by creating an account on GitHub.
A new version of the popular #BloodHound tool has been released, including:
- 12 new and/or improved techniques, mostly for Azure
- Completely rewritten AzureHound on Go and more
https://posts.specterops.io/introducing-bloodhound-4-2-the-azure-refactor-1cff734938bd
#pentest
#cloud
#news
#tools
@NetPentesters
- 12 new and/or improved techniques, mostly for Azure
- Completely rewritten AzureHound on Go and more
https://posts.specterops.io/introducing-bloodhound-4-2-the-azure-refactor-1cff734938bd
#pentest
#cloud
#news
#tools
@NetPentesters
Medium
Introducing BloodHound 4.2 — The Azure Refactor
The BloodHound Enterprise team is proud to announce the release of BloodHound 4.2 — The Azure Refactor.
Systematization of attacks on the perimeter of L2/L3 network equipment. Ver. 2.0.
#attack
#Analytics
@NetPentesters
#attack
#Analytics
@NetPentesters
Network Relaying Abuse in a Windows Domain
https://labs.nettitude.com/blog/network-relaying-abuse-windows-domain/
https://labs.nettitude.com/blog/network-relaying-abuse-windows-domain/
LRQA
Network Relaying Abuse in a Windows Domain
Network relaying abuse in the context of a legacy Windows authentication protocol is by no means a novel vector for privilege escalation in a domain context.
LDAP Monitor
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object
https://github.com/p0dalirius/LDAPmonitor
#ldap
@NetPentesters
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration!
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object
https://github.com/p0dalirius/LDAPmonitor
#ldap
@NetPentesters
KnownDllUnhook
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
https://github.com/ORCx41/KnownDllUnhook
#edr
@NetPentesters
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
https://github.com/ORCx41/KnownDllUnhook
#edr
@NetPentesters
GitHub
GitHub - NUL0x4C/KnownDllUnhook: Replace the .txt section of the current loaded modules from \KnownDlls\
Replace the .txt section of the current loaded modules from \KnownDlls\ - NUL0x4C/KnownDllUnhook
PowerHuntShares
PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers.
It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights to help naturally group related share to help stream line remediation efforts at scale.
https://github.com/NetSPI/PowerHuntShares
Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments: https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares
#AD
#SMB
#BlueTeam
@NetPentesters
PowerHuntShares is design to automatically inventory, analyze, and report excessive privilege assigned to SMB shares on Active Directory domain joined computers.
It is intented to help IAM and other blue teams gain a better understand of their SMB Share attack surface and provides data insights to help naturally group related share to help stream line remediation efforts at scale.
https://github.com/NetSPI/PowerHuntShares
Attacking and Remediating Excessive Network Share Permissions in Active Directory Environments: https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares
#AD
#SMB
#BlueTeam
@NetPentesters
GitHub
GitHub - NetSPI/PowerHuntShares: PowerHuntShares is an audit noscript designed in inventory, analyze, and report excessive privileges…
PowerHuntShares is an audit noscript designed in inventory, analyze, and report excessive privileges configured on Active Directory domains. - NetSPI/PowerHuntShares
Have a look at all the signed PowerShell noscripts located in C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\
Some of these can execute code and do all kind of interesting stuff.
https://github.com/Mr-Un1k0d3r/ATP-PowerShell-Scripts
#ps
#signed
#redteam
@NetPentesters
Some of these can execute code and do all kind of interesting stuff.
https://github.com/Mr-Un1k0d3r/ATP-PowerShell-Scripts
#ps
#signed
#redteam
@NetPentesters
AzureGoat
A Damn Vulnerable Azure Infrastructure.
AzureGoat is a vulnerable by design infrastructure on Azure featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as App Functions, CosmosDB, Storage Accounts, Automation and Identities. AzureGoat mimics real-world infrastructure but with added vulnerabilities. It features multiple escalation paths and is focused on a black-box approach.
The project will be divided into modules and each module will be a separate web application, powered by varied tech stacks and development practices. It will leverage IaC through terraform to ease the deployment process.
https://github.com/ine-labs/AzureGoat
#Azure
#AD
@NetPentesters
A Damn Vulnerable Azure Infrastructure.
AzureGoat is a vulnerable by design infrastructure on Azure featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as App Functions, CosmosDB, Storage Accounts, Automation and Identities. AzureGoat mimics real-world infrastructure but with added vulnerabilities. It features multiple escalation paths and is focused on a black-box approach.
The project will be divided into modules and each module will be a separate web application, powered by varied tech stacks and development practices. It will leverage IaC through terraform to ease the deployment process.
https://github.com/ine-labs/AzureGoat
#Azure
#AD
@NetPentesters
GitHub
GitHub - ine-labs/AzureGoat: AzureGoat : A Damn Vulnerable Azure Infrastructure
AzureGoat : A Damn Vulnerable Azure Infrastructure - ine-labs/AzureGoat
This tool is designed to parse Cisco device configuration files. The checklist is based on the Cisco Hardening Guide for Cisco IOS Devices.
https://github.com/frostbits-security/ccat
#Cisco
#checklist
@NetPentesters
https://github.com/frostbits-security/ccat
#Cisco
#checklist
@NetPentesters
GitHub
List of the checks
Cisco Config Analysis Tool. Contribute to cisco-config-analysis-tool/ccat development by creating an account on GitHub.
Pivoting Over Challenge Based Enterprise WiFi Network
https://tbhaxor.com/pivoting-over-peap-mschapv2-wifi-network
@NetPentesters
https://tbhaxor.com/pivoting-over-peap-mschapv2-wifi-network
@NetPentesters
tbhaxor's Blog
Pivoting Over Challenge Based Enterprise WiFi Network
You will discover how to connect to the organization's access point using PEAP-MSCHAPv2 authentication and relay the response to the authenticator challenge This will allow you to read the private emails on a LAN-hosted POP3 server.
🀄 Privilege Escalation Enumeration Script for Windows
https://github.com/itm4n/PrivescCheck
#windows
#privesc
#enumeration
#enum
#powershell
@NetPentesters
This noscript aims to enumerate common Windows security misconfigurations that can be leveraged for privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation
https://github.com/itm4n/PrivescCheck
#windows
#privesc
#enumeration
#enum
#powershell
@NetPentesters
GitHub
GitHub - itm4n/PrivescCheck: Privilege Escalation Enumeration Script for Windows
Privilege Escalation Enumeration Script for Windows - itm4n/PrivescCheck
Roast in the Middle
Python implementation of the man-in-the-middle attack
● Performs ARP spoofing between your target(s) and the gateway to obtain a man-in-the-middle position
● Sniffs traffic for an AS-REQ containing PA-ENC-TIMESTAMP data
● Replays the sniffed AS-REQ to a DC after changing the SPN to usernames/SPNs provided via a file
● Outputs any roasted account hashes
https://github.com/Tw1sm/RITM
#ad
#mitm
#kerberos
@NetPentesters
Python implementation of the man-in-the-middle attack
● Performs ARP spoofing between your target(s) and the gateway to obtain a man-in-the-middle position
● Sniffs traffic for an AS-REQ containing PA-ENC-TIMESTAMP data
● Replays the sniffed AS-REQ to a DC after changing the SPN to usernames/SPNs provided via a file
● Outputs any roasted account hashes
https://github.com/Tw1sm/RITM
#ad
#mitm
#kerberos
@NetPentesters
GitHub
GitHub - Tw1sm/RITM: Roast in the Middle
Roast in the Middle. Contribute to Tw1sm/RITM development by creating an account on GitHub.
[ Living-Off-the-Blindspot - Operating into EDRs’ blindspot ]
#edr
#bypass
#python
@NetPentesters
EDR bypass with python
https://www.naksyn.com/edr%20evasion/2022/09/01/operating-into-EDRs-blindspot.html#edr
#bypass
#python
@NetPentesters
BadBlood
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.
After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
https://github.com/davidprowe/BadBlood
#ad
@NetPenteaters
BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.
After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
https://github.com/davidprowe/BadBlood
#ad
@NetPenteaters
I need an admin to train users
have the following conditions:
Have at least 1 year of network penetration testing experience or network penetration testing skills.
Training should be in Eve-NG or GNS3 environment.
Contact the following address:
@ChatNPTbot
have the following conditions:
Have at least 1 year of network penetration testing experience or network penetration testing skills.
Training should be in Eve-NG or GNS3 environment.
Contact the following address:
@ChatNPTbot
Azure AD Exporter
The Azure AD Exporter is a PowerShell module that allows you to export your Azure AD and Azure AD B2C configuration settings to local .json files.
This module can be run as a nightly scheduled task or a DevOps component (Azure DevOps, GitHub, Jenkins) and the exported files can be version controlled in Git or SharePoint.
This will provide tenant administrators with a historical view of all the settings in the tenant including the change history over the years.
https://github.com/microsoft/azureadexporter
#AD
#Azure
@NetPentesters
The Azure AD Exporter is a PowerShell module that allows you to export your Azure AD and Azure AD B2C configuration settings to local .json files.
This module can be run as a nightly scheduled task or a DevOps component (Azure DevOps, GitHub, Jenkins) and the exported files can be version controlled in Git or SharePoint.
This will provide tenant administrators with a historical view of all the settings in the tenant including the change history over the years.
https://github.com/microsoft/azureadexporter
#AD
#Azure
@NetPentesters
ShadowSpray
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
https://github.com/Dec0ne/ShadowSpray/
#ad
#spray
@NetPentesters
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
https://github.com/Dec0ne/ShadowSpray/
#ad
#spray
@NetPentesters
SpecterOps
The Renaissance of NTLM Relay Attacks: Everything You Need to Know - SpecterOps
NTLM relay attacks have been around for a long time. While many security practitioners think NTLM relay is a solved problem, or at least a not-so-severe one, it is, in fact, alive and kicking and arguably worse than ever before. Relay attacks are the easiest…