A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
https://twitter.com/_batsec_/status/1421140725815709698
https://github.com/bats3c/ADCSPwn
https://twitter.com/_batsec_/status/1421140725815709698
https://github.com/bats3c/ADCSPwn
Twitter
batsec
I'm releasing my tool to exploit AD CS relaying. It will automate most the steps required for both local and domain privilege escalation. The images below show how it can be used to get a beacon as system on a domain controller.
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
ابزاری مشابه سری ابزارهای pstools
https://github.com/0xthirteen/SharpRDP
ابزاری مشابه سری ابزارهای pstools
https://github.com/0xthirteen/SharpRDP
GitHub
GitHub - 0xthirteen/SharpRDP: Remote Desktop Protocol .NET Console Application for Authenticated Command Execution
Remote Desktop Protocol .NET Console Application for Authenticated Command Execution - 0xthirteen/SharpRDP
Universal Privilege Escalation and Persistence – Printer
https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/
https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/
Penetration Testing Lab
Universal Privilege Escalation and Persistence – Printer
The Print Spooler is responsible to manage and process printer jobs. It runs as a service with SYSTEM level privileges on windows environments. Abuse of the Print Spooler service is not new and suc…
ساخت object های مختلف در اکیتو دایرکتوری برای تبدیل ماشین مجازی به محیط تست اکتیو دایرکتوری توسط ماژول های پاورشل badblood
https://github.com/davidprowe/BadBlood
#badblood #LAB #Activedirectory
https://github.com/davidprowe/BadBlood
#badblood #LAB #Activedirectory
GitHub
GitHub - davidprowe/BadBlood: BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure…
BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world....
Selection blackhat Tools
https://therecord.media/security-tools-showcased-at-black-hat-usa-2021/amp/?__twitter_impression=true
#blackhat
https://therecord.media/security-tools-showcased-at-black-hat-usa-2021/amp/?__twitter_impression=true
#blackhat
The Record by Recorded Future
Security tools showcased at Black Hat USA 2021
While everyone associates the Black Hat security conference with high-profile keynotes and state-of-the-art cybersecurity research, ever since the 2017 edition, the conference has also been the place where the cybersecurity community has also announced and…
Tool to bypass LSA Protection (aka Protected Process Light)
https://github.com/RedCursorSecurityConsulting/PPLKiller
#post_exploit
https://github.com/RedCursorSecurityConsulting/PPLKiller
#post_exploit
GitHub
GitHub - RedCursorSecurityConsulting/PPLKiller: Tool to bypass LSA Protection (aka Protected Process Light)
Tool to bypass LSA Protection (aka Protected Process Light) - RedCursorSecurityConsulting/PPLKiller
PowerSharpPack
Many usefull offensive CSharp Projects wraped into Powershell for easy usage.
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
#powershell #post_exploit
Many usefull offensive CSharp Projects wraped into Powershell for easy usage.
https://github.com/S3cur3Th1sSh1t/PowerSharpPack
#powershell #post_exploit
GitHub
GitHub - S3cur3Th1sSh1t/PowerSharpPack
Contribute to S3cur3Th1sSh1t/PowerSharpPack development by creating an account on GitHub.
fibratus
A modern tool for the Windows kernel exploration and tracing
https://github.com/rabbitstack/fibratus
A modern tool for the Windows kernel exploration and tracing
https://github.com/rabbitstack/fibratus
GitHub
GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
Adversary tradecraft detection, protection, and hunting - GitHub - rabbitstack/fibratus: Adversary tradecraft detection, protection, and hunting
smb2os
Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019
https://github.com/w1u0u1/smb2os
Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019
https://github.com/w1u0u1/smb2os
GitHub
GitHub - w1u0u1/smb2os: Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019
Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019 - w1u0u1/smb2os
unDefender
Killing your preferred antimalware by abusing native symbolic links and NT paths.
https://github.com/last-byte/unDefender
Killing your preferred antimalware by abusing native symbolic links and NT paths.
https://github.com/last-byte/unDefender
XSTREAM 1.4.17 includes (CVE-2021-39141、CVE-2021-39144、CVE-2021-39150、CVE-2021-39152)
https://github.com/zwjjustdoit/Xstream-1.4.17
#Exploit
https://github.com/zwjjustdoit/Xstream-1.4.17
#Exploit
GitHub
GitHub - zwjjustdoit/Xstream-1.4.17: XSTREAM<=1.4.17漏洞复现(CVE-2021-39141、CVE-2021-39144、CVE-2021-39150)
XSTREAM<=1.4.17漏洞复现(CVE-2021-39141、CVE-2021-39144、CVE-2021-39150) - zwjjustdoit/Xstream-1.4.17
medusa honeypot for (ssh, telnet, http or other tcp servers)
https://github.com/evilsocket/medusa
#honeypot
https://github.com/evilsocket/medusa
#honeypot
GitHub
GitHub - evilsocket/medusa: A fast and secure multi protocol honeypot.
A fast and secure multi protocol honeypot. Contribute to evilsocket/medusa development by creating an account on GitHub.
Sliver agent for Linux with very low detection rate
https://github.com/BishopFox/sliver
Total link:
https://www.virustotal.com/gui/file/b17e26ce72362caaa1b22d98b384587a8363dc421061db96b897b91a014466a1/community
Rule
https://valhalla.nextron-systems.com/info/rule/MAL_GOLANG_Sliver_Implant
credit:https://twitter.com/cyb3rops/status/1431521109971722241?s=20
https://github.com/BishopFox/sliver
Total link:
https://www.virustotal.com/gui/file/b17e26ce72362caaa1b22d98b384587a8363dc421061db96b897b91a014466a1/community
Rule
https://valhalla.nextron-systems.com/info/rule/MAL_GOLANG_Sliver_Implant
credit:https://twitter.com/cyb3rops/status/1431521109971722241?s=20
GitHub
GitHub - BishopFox/sliver: Adversary Emulation Framework
Adversary Emulation Framework. Contribute to BishopFox/sliver development by creating an account on GitHub.
CVE-2021-26084: Hint 1: grep -FR "='\$!" --include=*.vm confluence/
CVE-2021-26084: Hint 2 : https://github.com/jkuhnert/ognl/blob/master/src/etc/ognl.jjt#L48
CVE-2021-26084: Hint 2 : https://github.com/jkuhnert/ognl/blob/master/src/etc/ognl.jjt#L48
GitHub
ognl/ognl.jjt at master · jkuhnert/ognl
Object Graph Navigation Library. Contribute to jkuhnert/ognl development by creating an account on GitHub.
Windows Defender Application Guard DoS via Long Hostname
https://github.com/jdgregson/Disclosures/tree/master/microsoft/wdag-dos-long-hostname
https://github.com/jdgregson/Disclosures/tree/master/microsoft/wdag-dos-long-hostname
GitHub
Disclosures/microsoft/wdag-dos-long-hostname at master · jdgregson/Disclosures
My publically disclosed vulnerability reports. Contribute to jdgregson/Disclosures development by creating an account on GitHub.
Restricted Admin Mode was introduced in Windows 8.1 as an attempt to prevent credential exposure via RDP. While well intentioned, this unfortunately introduced the ability to pass-the-hash to RDP.
https://github.com/GhostPack/RestrictedAdmin
#RestrictedAdmin #PTH
https://github.com/GhostPack/RestrictedAdmin
#RestrictedAdmin #PTH
GitHub
GitHub - GhostPack/RestrictedAdmin: Remotely enables Restricted Admin Mode
Remotely enables Restricted Admin Mode. Contribute to GhostPack/RestrictedAdmin development by creating an account on GitHub.