Game Of Active Directory v2 | Mayfly
https://mayfly277.github.io/posts/GOADv2/
Yes another pentester blog..
GitHub - winterknife/PINKPANTHER: Windows x64 handcrafted token stealing kernel-mode shellcode
https://github.com/winterknife/PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode - winterknife/PINKPANTHER
Brute Ratel C4 Red Teaming Tool Being Abused by Malicious Actors
https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/
Unit 42
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors
Pentest and adversary emulation tool Brute Ratel C4 is effective at defeating modern detection capabilities – and malicious actors have begun to adopt it.
VOD will be up later, but the commands for a layer2 tunnel were:
sudo ssh -o Tunnel=ethernet -w 0:0 root@172.16.204.130
ip link add br0 type bridge
ip link set ens160 master br0
ip link set tap0 master br0
ip link set tap0 up (run on both ends)
ip link set br0 up
AMSI Bypass - Memory Patching - aidenpearce369
https://aidenpearce369.github.io/offsec/AMSI-Memory-Bypass/
GitHub - edoardottt/awesome-hacker-search-engines: A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red Team operations, Bug Bounty and more
https://github.com/edoardottt/awesome-hacker-search-engines
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more - edoardottt/awesome-hacker-search-engines
Found an interesting API endpoint? Here's how to fuzz it 🔥🔥🔥
ffuf -u target. com/api/v2/FUZZ -w api_seen_in_wild.txt -c -ac -t 250 -fc 400,404,412
Here are some sick wordlists 🔥🔥🔥
https://github.com/Net-hunter121/API-Wordlist
Detectree: Detection Visualisation for Blue Teams
https://labs.withsecure.com/tools/detectree
Release AD-description-password-finder v2.0.0 · AssuranceMaladieSec/AD-description-password-finder · GitHub
https://github.com/AssuranceMaladieSec/AD-description-password-finder/releases/tag/v2.0.0
Better regex
Push in the results descriptions suspected of containing passwords but didn't match the one in the ntds
GitHub - enkomio/AlanFramework: A C2 post-exploitation framework
https://github.com/enkomio/AlanFramework
x86matthew - EmbedExeReg - Embedding an EXE inside a .REG file with automatic execution
https://www.x86matthew.com/view_post?id=embed_exe_reg