#ad #enum
[ SilentHound ]
@NetPenTesters
[ SilentHound ]
Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.
https://github.com/layer8secure/SilentHound@NetPenTesters
GitHub
GitHub - layer8secure/SilentHound: Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc.
Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. - layer8secure/SilentHound
Negoexrelayx
Negoex relaying tool
Toolkit for abusing #Kerberos PKU2U and NegoEx. Requires impacket It is recommended to install impacket from git directly to have the latest version available.
https://github.com/morRubin/NegoExRelay
@NetPentesters
Negoex relaying tool
Toolkit for abusing #Kerberos PKU2U and NegoEx. Requires impacket It is recommended to install impacket from git directly to have the latest version available.
https://github.com/morRubin/NegoExRelay
@NetPentesters
GitHub
GitHub - morRubin/NegoExRelay
Contribute to morRubin/NegoExRelay development by creating an account on GitHub.
👍1
Sans Or eLearnSecurity?
Anonymous Poll
28%
Sans
17%
eLearnSecurity
46%
Sans + eLearnSecurity
8%
None
#ad #relay #rpc #adcs
[ Relaying to AD Certificate Services over RPC ]
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#AD
@NetPentesters
[ Relaying to AD Certificate Services over RPC ]
https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
#AD
@NetPentesters
Bypasses most Kerberoast Detections
https://github.com/trustedsec/orpheus
#ad #kerberoast #redteam
@NetPentesters
https://github.com/trustedsec/orpheus
#ad #kerberoast #redteam
@NetPentesters
GitHub
GitHub - trustedsec/orpheus: Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types
Bypassing Kerberoast Detections with Modified KDC Options and Encryption Types - trustedsec/orpheus
These KQL queries are designed to find use of the abuses in the #BloodHound BARK toolkit in #Azure AD
https://github.com/reprise99/Sentinel-Queries/tree/main/Azure%20AD%20Abuse%20Detection
#ad
@NetPentesters
https://github.com/reprise99/Sentinel-Queries/tree/main/Azure%20AD%20Abuse%20Detection
#ad
@NetPentesters
GitHub
Sentinel-Queries/Azure AD Abuse Detection at main · reprise99/Sentinel-Queries
Collection of KQL queries. Contribute to reprise99/Sentinel-Queries development by creating an account on GitHub.
FarsightAD
A #PowerShell noscript that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise.
The noscript produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication metadata. Additionally, if executed with replication privileges, the Directory Replication Service (DRS) protocol is leveraged to detect fully or partially hidden objects.
https://github.com/Qazeer/FarsightAD
#ad
@NetPentesters
A #PowerShell noscript that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise.
The noscript produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication metadata. Additionally, if executed with replication privileges, the Directory Replication Service (DRS) protocol is leveraged to detect fully or partially hidden objects.
https://github.com/Qazeer/FarsightAD
#ad
@NetPentesters
GitHub
GitHub - Qazeer/FarsightAD: PowerShell noscript that aim to help uncovering (eventual) persistence mechanisms deployed by a threat…
PowerShell noscript that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise - Qazeer/FarsightAD
👨💻1
ntlm_theft
A tool for generating multiple types of NTLMv2 hash theft files.
ntlm_theft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows smb traffic outside their network, or if you are already inside the internal network.
https://github.com/Greenwolf/ntlm_theft
#NTML
@Netpentesters
A tool for generating multiple types of NTLMv2 hash theft files.
ntlm_theft is an Open Source Python3 Tool that generates 21 different types of hash theft documents. These can be used for phishing when either the target allows smb traffic outside their network, or if you are already inside the internal network.
https://github.com/Greenwolf/ntlm_theft
#NTML
@Netpentesters
Sandman
Sandman is a backdoor that meant to work on hardened networks during red team engagements.
Sandman works as a stager and leverages NTP (protocol to sync time & date) to download an arbitrary shellcode from a pre defined server.
Since NTP is a protocol that is overlooked by many defenders resulting wide network accessability.
https://github.com/Idov31/Sandman
#redteam
@Netpentesters
Sandman is a backdoor that meant to work on hardened networks during red team engagements.
Sandman works as a stager and leverages NTP (protocol to sync time & date) to download an arbitrary shellcode from a pre defined server.
Since NTP is a protocol that is overlooked by many defenders resulting wide network accessability.
https://github.com/Idov31/Sandman
#redteam
@Netpentesters
GitHub
GitHub - Idov31/Sandman: Sandman is a NTP based backdoor for hardened networks.
Sandman is a NTP based backdoor for hardened networks. - Idov31/Sandman
Warbird Hook
Using Microsoft WARBIRD to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard.
https://github.com/KiFilterFiberContext/warbird-hook
@Netpentesters
Using Microsoft WARBIRD to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard.
https://github.com/KiFilterFiberContext/warbird-hook
@Netpentesters
GitHub
GitHub - KiFilterFiberContext/warbird-hook: Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in…
Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard - KiFilterFiberContext/warbird-hook
👍1
⭐️ Privileger
Privilger allows you to work with privileges in Windows as easily as possible. There are three modes:
— Add privileges to an account;
— Start a process by adding a specific privilege to its token;
— Remove privilege from the user.
Thanks to:
@Michaelzhm
https://github.com/MzHmO/Privileger
#ad #windows #privilege #lsa
@netpentesters
Privilger allows you to work with privileges in Windows as easily as possible. There are three modes:
— Add privileges to an account;
— Start a process by adding a specific privilege to its token;
— Remove privilege from the user.
Thanks to:
@Michaelzhm
https://github.com/MzHmO/Privileger
#ad #windows #privilege #lsa
@netpentesters
👍4
Friends, if you have an idea to improve the channel, share it with us.
@ChatNPTbot
@ChatNPTbot
Clouditor Community Edition
Clouditor is a tool which supports continuous cloud assurance. Its main goal is to continuously evaluate if a cloud-based application (built using, e.g., Amazon Web Services (AWS) or Microsoft Azure) is configured in a secure way and thus complies with security requirements defined by, e.g., Cloud Computing Compliance Controls Catalogue (C5) issued by the German Office for Information Security (BSI) or the Cloud Control Matrix (CCM) published by the Cloud Security Alliance (CSA).
https://github.com/clouditor/clouditor
#azure #aws
@netpentesters
Clouditor is a tool which supports continuous cloud assurance. Its main goal is to continuously evaluate if a cloud-based application (built using, e.g., Amazon Web Services (AWS) or Microsoft Azure) is configured in a secure way and thus complies with security requirements defined by, e.g., Cloud Computing Compliance Controls Catalogue (C5) issued by the German Office for Information Security (BSI) or the Cloud Control Matrix (CCM) published by the Cloud Security Alliance (CSA).
https://github.com/clouditor/clouditor
#azure #aws
@netpentesters
Masky
A python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope.
This tool does not exploit any new vulnerability and does not work by dumping the LSASS process memory. Indeed, it only takes advantage of legitimate Windows and Active Directory features (token impersonation, certificate authentication via kerberos & NT hashes retrieval via PKINIT).
A blog post was published to detail the implemented technics and how Masky works.
https://github.com/Z4kSec/Masky
#ad #adcs #lsass #redteam
@Netpentesters
A python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope.
This tool does not exploit any new vulnerability and does not work by dumping the LSASS process memory. Indeed, it only takes advantage of legitimate Windows and Active Directory features (token impersonation, certificate authentication via kerberos & NT hashes retrieval via PKINIT).
A blog post was published to detail the implemented technics and how Masky works.
https://github.com/Z4kSec/Masky
#ad #adcs #lsass #redteam
@Netpentesters
GitHub
GitHub - Z4kSec/Masky: Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the…
Python library with CLI allowing to remotely dump domain user credentials via an ADCS without dumping the LSASS process memory - Z4kSec/Masky
extracting NTLMv2 hashes from a network traffic dump
https://github.com/mlgualtieri/NTLMRawUnHide
#ntlm #pcap
@Netpentesters
https://github.com/mlgualtieri/NTLMRawUnHide
#ntlm #pcap
@Netpentesters
GitHub
GitHub - mlgualtieri/NTLMRawUnHide: NTLMRawUnhide.py is a Python3 noscript designed to parse network packet capture files and extract…
NTLMRawUnhide.py is a Python3 noscript designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The following binary network packet capture formats are supporte...
Systematization of attacks on the perimeter of L2/L3 network equipment. Ver. 3.0.
V 2.0
#Analytics
#attack
@netpentesters
V 2.0
#Analytics
#attack
@netpentesters