Directory Services Internals (DSInternals)
Ad toolkit ,PowerShell Module and Framework
https://github.com/MichaelGrafnetter/DSInternals/tree/master
#ad
Ad toolkit ,PowerShell Module and Framework
https://github.com/MichaelGrafnetter/DSInternals/tree/master
#ad
👍3
Credential_Dumping_NTDS_dit_1628039354.pdf
1.2 MB
Credential Dumping: NTDS.dit
In this article, you will learn how passwords are stored in NTDS.dit file on Windows Server and then we will learn how to dump these credentials hashes from NTDS.dit file.
Table of Content
▪ Introduction to NTDS ▪ NTDSPartitions
▪ DatabaseStorageTable
▪ ExtractingCredentialbyExploitNTDS.ditinMultipleMethods
▪ FGDump
▪ NTDSUtil
▪ DSInternals
▪ NTDSDumpEx ▪ Metasploit
▪ NTDS_location ▪ NTDS_grabber ▪ secretsdump
▪ CrackMapExec
▪ CrackingHashes
#ad #active_directory
👍8
Windows API Function Cheatsheets
https://github.com/7etsuo/windows-api-function-cheatsheets
index :
https://github.com/7etsuo/windows-api-function-cheatsheets
index :
File Operations
Process Management
Memory Management
Thread Management
Dynamic-Link Library (DLL) Management
Synchronization
Interprocess Communication
Windows Hooks
Cryptography
Debugging
Winsock
Registry Operations
Error Handling
Resource Management
Unicode String Functions
String Length
String Copy
String Concatenation
String Comparison
String Search
Character Classification and Conversion
Win32 Structs Cheat Sheet
Common Structs
Win32 Sockets Structs Cheat Sheet (winsock.h)
Win32 Sockets Structs Cheat Sheet (winsock2.h)
Win32 Sockets Structs Cheat Sheet (ws2def.h)
Code Injection Techniques
1. DLL Injection
2. PE Injection
3. Reflective Injection
4. APC Injection
5. Process Hollowing (Process Replacement)
6. AtomBombing
7. Process Doppelgänging
8. Process Herpaderping
9. Hooking Injection
10. Extra Windows Memory Injection
11. Propagate Injection
12. Heap Spray
13. Thread Execution Hijacking
14. Module Stomping
15. IAT Hooking
16. Inline Hooking
17. Debugger Injection
18. COM Hijacking
19. Phantom DLL Hollowing
20. PROPagate
21. Early Bird Injection
22. Shim-based Injection
23. Mapping Injection
24. KnownDlls Cache Poisoning
Process Enumeration
🔥4👍3👾2😢1
BounceBack
redirector for your red team operation security
https://github.com/D00Movenok/BounceBack
#c2 #infrastructure #redteam #redirector
redirector for your red team operation security
https://github.com/D00Movenok/BounceBack
#c2 #infrastructure #redteam #redirector
❤3👎1
👍3
sgn
https://github.com/EgeBalci/sgn
#shellcode
SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a additive feedback loop to encode given binary instructions similar to LSFR. This project is the reimplementation of the original Shikata ga nai in golang with many improvements.
https://github.com/EgeBalci/sgn
#shellcode
👍4
Forwarded from KS note (Kian)
⚒ How to calculate the Address of Contract using
🔗 Learn Foundry
WalletAddress and WalletNonce using Foundry🔗 Learn Foundry
👍8
A Syscall Journey in the Windows Kernel
Credit: Alice
https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel
#internals #windows
What's happening after a syscall
Credit: Alice
https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel
#internals #windows
👾4👍1
Forwarded from Order of Six Angles
QiAnXin Cyber Threat Report H1 2024 is released
https://ti.qianxin.com/uploads/2024/08/19/2274f632f6a1d8acd2f1801c24887edb.pdf
https://ti.qianxin.com/uploads/2024/08/19/2274f632f6a1d8acd2f1801c24887edb.pdf
👍7
Order of Six Angles
QiAnXin Cyber Threat Report H1 2024 is released https://ti.qianxin.com/uploads/2024/08/19/2274f632f6a1d8acd2f1801c24887edb.pdf
here is auto translated version , not bad
👇🏻
👇🏻
👍5
Just a piece of advice for anyone trying to learn something new:
We all start very enthusiastically, dedicating time and effort. But as complexity increases, we might avoid challenges by shifting to easier tasks. While taking breaks to refresh your mind is beneficial, beware of getting stuck in a cycle of mediocrity.
For example, imagine learning about database internals or how DRAM works. Initially, it's easy to grasp, but you'll inevitably hit a wall. When this happens, explore related concepts, read articles and whitepapers, and connect the dots.
I avoid strict roadmaps and timelines for personal learning because they limit exploration. Trust me, there is no scarcity of knowledge out there, and you'll be amazed by what you discover. (Of course, this advice doesn't apply to professional deadlines; this is specifically for personal upskilling).
. Choose a method that you enjoy and that keeps you motivated. Just don't forget the reason you started this journey in the first place.
credit :
Mohit Mishra
We all start very enthusiastically, dedicating time and effort. But as complexity increases, we might avoid challenges by shifting to easier tasks. While taking breaks to refresh your mind is beneficial, beware of getting stuck in a cycle of mediocrity.
For example, imagine learning about database internals or how DRAM works. Initially, it's easy to grasp, but you'll inevitably hit a wall. When this happens, explore related concepts, read articles and whitepapers, and connect the dots.
I avoid strict roadmaps and timelines for personal learning because they limit exploration. Trust me, there is no scarcity of knowledge out there, and you'll be amazed by what you discover. (Of course, this advice doesn't apply to professional deadlines; this is specifically for personal upskilling).
Remember, there's no single right way to learn
. Choose a method that you enjoy and that keeps you motivated. Just don't forget the reason you started this journey in the first place.
credit :
Mohit Mishra
❤9👍4
Exploring Android Exploitation: A Journey into Stack Overflow Vulnerability
Credit: @INVOXES
https://kousha1999.github.io/posts/2024/Android-Stack-Overflow-Exploitation-with-Frida
Credit: @INVOXES
https://kousha1999.github.io/posts/2024/Android-Stack-Overflow-Exploitation-with-Frida
👍7
themida-unmutate
A Python 3 tool to statically deobfuscate functions protected by Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
The tool has been tested on Themida up to version 3.1.9. It's expected to work on WinLicense and Code Virtualizer as well.
https://github.com/ergrelet/themida-unmutate
A Binary Ninja plugin is also available here.
#unpacking #packer
A Python 3 tool to statically deobfuscate functions protected by Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
The tool has been tested on Themida up to version 3.1.9. It's expected to work on WinLicense and Code Virtualizer as well.
https://github.com/ergrelet/themida-unmutate
A Binary Ninja plugin is also available here.
#unpacking #packer
👍5🔥4
Forwarded from 1N73LL1G3NC3
SCCMSecrets.py
A python utility that builds upon existing SCCM research. It goes beyond NAA credentials extraction, and aims to provide a comprehensive approach regarding SCCM policies exploitation. The tool can be executed from various levels of privileges, and will attempt to uncover potential misconfigurations related to policies distribution. It will dump the content of all secret policies encountered as well as collection variables, in addition to package noscripts hosted on the distribution points. Finally, it can be used throughout the intrusion process by configuring it to impersonate legitimate SCCM clients, in order to pivot across device collections.
For more details regarding the tool and its usage, see the associated article at: https://www.synacktiv.com/publications/sccmsecretspy-exploiting-sccm-policies-distribution-for-credentials-harvesting-initial
P.S. Another tool allowing to dump SCCM distribution point resources via HTTP: https://github.com/badsectorlabs/sccm-http-looter
A python utility that builds upon existing SCCM research. It goes beyond NAA credentials extraction, and aims to provide a comprehensive approach regarding SCCM policies exploitation. The tool can be executed from various levels of privileges, and will attempt to uncover potential misconfigurations related to policies distribution. It will dump the content of all secret policies encountered as well as collection variables, in addition to package noscripts hosted on the distribution points. Finally, it can be used throughout the intrusion process by configuring it to impersonate legitimate SCCM clients, in order to pivot across device collections.
For more details regarding the tool and its usage, see the associated article at: https://www.synacktiv.com/publications/sccmsecretspy-exploiting-sccm-policies-distribution-for-credentials-harvesting-initial
P.S. Another tool allowing to dump SCCM distribution point resources via HTTP: https://github.com/badsectorlabs/sccm-http-looter
👍8❤1