Thirumalai_Khanna.pdf
3.6 MB
"Who Owns Your Hybrid Active Directory? Hunting for Adversary Techniques", 2021.
#cloud
#ad
@NetPentesters
Active Directory Lateral Movement
https://research.splunk.com/stories/active_directory_lateral_movement
#Blue_Team
#AD
@NetPentesters
Splunk Security Content
Analytics Story: Active Directory Lateral Movement
Date: 2021-12-09 | ID: 399d65dc-1f08-499b-a259-aad9051f38ad | Author: David Dorsey, Mauricio Velazco | Splunk Product: Splunk Enterprise Security | Description: Detect and investigate tactics, techniques, and procedures around how attackers move laterally within an…
Intruding 5G core networks from outside and inside
https://penthertz.com/blog/Intruding-5G-core-networks-from-outside-and_inside.html
#5G
#Network
@NetPentesters
PowerShell tool to automate Active Directory enumeration
https://github.com/61106960/adPEAS#simple-usage-with-generic-program-parameters
#PowerShell
#Redteam
#Ad
@NetPentesters
GitHub
GitHub - 61106960/adPEAS: Powershell tool to automate Active Directory enumeration.
Powershell tool to automate Active Directory enumeration. - 61106960/adPEAS
Cloud Security Breaches and Vulnerabilities:
2021 in Review
https://blog.christophetd.fr/cloud-security-breaches-and-vulnerabilities-2021-in-review
#breaches
#cloud
#Vulnerability
@NetPentesters
Internal network honeypot for detecting if an attacker/insider threat scans your network for log4j CVE-2021-44228
https://github.com/BinaryDefense/log4j-honeypot-flask
#honeypot
#Log4j
@NetPentesters
The mindmaps for AWS services
to get AWS Certificates easier
https://github.com/notcuder/aws-mindmap
#Mindmap
#Aws
@NetPentesters
GitHub
GitHub - notcuder/aws-mindmap: The mindmaps for AWS services to get AWS Certificates easier.
The mindmaps for AWS services to get AWS Certificates easier. - notcuder/aws-mindmap
CrackMapExec (CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks
https://github.com/byt3bl33d3r/CrackMapExec
#AD
@NetPentesters
GitHub
GitHub - byt3bl33d3r/CrackMapExec: A swiss army knife for pentesting networks
A swiss army knife for pentesting networks. Contribute to byt3bl33d3r/CrackMapExec development by creating an account on GitHub.
CVE-2021-45608 - NetUSB RCE Flaw in Millions of End User Routers
https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers
#router
#cve
@NetPentesters
SentinelOne
CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers
SentinelLabs has discovered a high severity flaw in NetUSB which could be remotely exploited to execute code in the kernel.
icmpdoor - ICMP reverse shell in Python 3
https://cryptsus.com/blog/icmp-reverse-shell.html
]-> https://github.com/krabelize/icmpdoor
#python
@NetPentesters
Cryptsus
icmpdoor - ICMP reverse shell in Python 3 — Cryptsus Blog
Cryptsus is a security consulting group of expert hackers specializing in securing systems and networks, authentication systems and vulnerability management.
Searching for Deserialization Protection Bypasses
in Microsoft Exchange (CVE-2022-21969)
https://medium.com/@frycos/searching-for-deserialization-protection-bypasses-in-microsoft-exchange-cve-2022-21969-bfa38f63a62d
#Microsoft
#exchange
@NetPentesters
Medium
Searching for Deserialization Protection Bypasses in Microsoft Exchange (CVE-2022–21969)
This story begins with a series of fails, but why? That is because of my special relationship with the Microsoft Exchange codebase…
SMBploit - offensive tool to scan/exploit vulnerabilities in Microsoft Windows over the Samba protocol (SMB) using the Metasploit Framework
https://github.com/d4t4s3c/SMBploit
@NetPentesters
Vulnerable AWS Lambda function - Initial access in cloud attacks
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre
#Cloud
#Vulnerability
#AWS
@NetPentesters
Sysdig
Lambda Threat – Best Practices for Lambda Security | Sysdig
The security research team explains how an attack scenario involving a vulnerable AWS Lambda function could be used by attackers.
Exploiting Common Misconfigurations in Cisco Phone Systems
https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems
]-> Tool to automatically download/parse configuration files from Cisco phone systems searching for SSH credentials:
https://github.com/trustedsec/SeeYouCM-Thief
#Cisco
#tools
@NetPentesters
TrustedSec
SeeYouCM-Thief: Exploiting Common Misconfigurations in Cisco Phone…
1.1 Intro I spent my early IT career working for a Cisco partner that specialized in Cisco phone systems. I did, however, get to see my share of networks…
Attack and defend active directory using modern
post exploitation adversary tradecraft activity
https://github.com/infosecn1nja/AD-Attack-Defense
#AD
#RedTeam
#Attack
@NetPentesters
GitHub
GitHub - infosecn1nja/AD-Attack-Defense: Attack and defend active directory using modern post exploitation adversary tradecraft…
Attack and defend active directory using modern post exploitation adversary tradecraft activity - infosecn1nja/AD-Attack-Defense
Mandiant Azure AD Investigator:
PowerShell module for detecting artifacts that may be indicators of UNC2452 and other threat actor activity
https://github.com/mandiant/Mandiant-Azure-AD-Investigator
#Cloud
#AD
#Azure
#PowerShell
@NetPentesters
GitHub
GitHub - mandiant/Mandiant-Azure-AD-Investigator
Contribute to mandiant/Mandiant-Azure-AD-Investigator development by creating an account on GitHub.
Azure Security Resources and Notes
https://github.com/rootsecdev/Azure-Red-Team
#Cloud
#Azure
#RedTeam
@NetPentesters
GitHub
GitHub - rootsecdev/Azure-Red-Team: Azure Security Resources and Notes
Azure Security Resources and Notes. Contribute to rootsecdev/Azure-Red-Team development by creating an account on GitHub.
Active Directory security check in seconds
The PingCastle tool allows you to perform more than 100K AD security checks, without installation, administration or sending data "to the cloud", while generating a convenient report. Some of the checks include potential risks, so there may be occasional false positives.
https://github.com/vletoux/pingcastle
#redteam
#ad
@NetPentesters
GitHub
GitHub - netwrix/pingcastle: PingCastle - Get Active Directory Security at 80% in 20% of the time
PingCastle - Get Active Directory Security at 80% in 20% of the time - netwrix/pingcastle
Checking out Azure AD cross tenant access policies
https://goodworkaround.com/2022/01/12/checking-out-azure-ad-cross-tenant-access-policies
]-> Terraform Azure IP Ranges module:
https://github.com/goodworkaround/tfazureipranges
#Cloud
#Azure
#AD
@NetPentesters
Good Workaround!
Checking out Azure AD cross tenant access policies
So, as one does, I was checking out the different Microsoft Graph AppRoles, which are the application scopes available. And then I found this: Now, I know cross tenant access is something Microsoft …