Так, ну идея понятна... Собираем всё в BloodHound через SOAP, при этом не шумим по LDAP. ADWS (порт 9389) на DC по умолчанию доступен))
https://github.com/FalconForceTeam/SOAPHound
#bloodhound #redteam #pentest #recon
https://github.com/FalconForceTeam/SOAPHound
#bloodhound #redteam #pentest #recon
GitHub
GitHub - FalconForceTeam/SOAPHound: SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active…
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol. - FalconForceTeam/SOAPHound
Набор инструментов для удалённого дампа паролей.
https://github.com/Slowerzs/ThievingFox/
Ну и сам блог:
https://blog.slowerzs.net/posts/thievingfox/
#pentest #redteam #creds
https://github.com/Slowerzs/ThievingFox/
Ну и сам блог:
https://blog.slowerzs.net/posts/thievingfox/
#pentest #redteam #creds
Полезное исследование методов сбора информации в домене Active Directory и способов их обнаружения.
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
#redteam #ad #pentest #bypass
https://www.mdsec.co.uk/2024/02/active-directory-enumeration-for-red-teams/
#redteam #ad #pentest #bypass
MDSec
Active Directory Enumeration for Red Teams - MDSec
The Directory Service is the heart and soul of many organisations, and whether its Active Directory, OpenLDAP or something more exotic, as a source of much knowledge it often acts...
Так, ADCS ESC13
https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53
P.S. А 12 тоже мимо вас прошел😅
#ad #adcs #pentest #redteam
https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53
P.S. А 12 тоже мимо вас прошел😅
#ad #adcs #pentest #redteam
Medium
ADCS ESC13 Abuse Technique
It is possible to configure an Active Directory Certificate Services (ADCS) certificate template with an issuance policy having an OID…
CVE-2024-21413: Microsoft Outlook Leak Hash
https://github.com/duy-31/CVE-2024-21413
#exploit #pentest #redteam #ad
https://github.com/duy-31/CVE-2024-21413
#exploit #pentest #redteam #ad
GitHub
GitHub - duy-31/CVE-2024-21413: Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC
Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC - duy-31/CVE-2024-21413
Ещё один пост SpecterOps про компрометацию SCCM
https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
#ad #sccm #pentest #redteam
https://posts.specterops.io/sccm-hierarchy-takeover-with-high-availability-7dcbd3696b43
#ad #sccm #pentest #redteam
Medium
SCCM Hierarchy Takeover with High Availability
TL;DR: SCCM sites configured to support high availability can be abused to compromise the entire hierarchy
Про латераль из облака Azure к локальной среде
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
#azure #ad #pentest #redteam
https://whiteknightlabs.com/2024/02/21/pivoting-from-microsoft-cloud-to-on-premise-machines/
#azure #ad #pentest #redteam
White Knight Labs
Pivoting from Microsoft Cloud to On-Premise Machines | White Knight Labs
This article will demonstrate one situation discovered during a recent cloud penetration test that allowed us to pivot from a Microsoft cloud
Про принудительную аутентификацию самого центра сертификации ADCS
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
Не знаю в чем цель, но все равно прикольно😅
#ad #pentest #redteam #adcs
https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
Не знаю в чем цель, но все равно прикольно😅
#ad #pentest #redteam #adcs
Decoder's Blog
Hello: I’m your ADCS server and I want to authenticate against you
In my exploration of all the components and configurations related to the Windows Active Directory Certification Services (ADCS), after the “deep dive” in Cert Publishers group, I decid…
Ralf Hacker Channel
Так, ADCS ESC13 https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53 P.S. А 12 тоже мимо вас прошел😅 #ad #adcs #pentest #redteam
ADCS ESC 14...
https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9
А еще много будет?
#ad #redteam #pentest #adcs
https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9
А еще много будет?
#ad #redteam #pentest #adcs
Medium
ADCS ESC14 Abuse Technique
The altSecurityIdentities attribute of Active Directory (AD) computers and users allows you to specify explicit certificate mappings. An…
От MS Exchange к компрометации домена AD
https://posts.specterops.io/pwned-by-the-mail-carrier-0750edfad43b
P.S. складывается ощущение, что статья неполная😅
#ad #pentest #redteam
https://posts.specterops.io/pwned-by-the-mail-carrier-0750edfad43b
P.S. складывается ощущение, что статья неполная😅
#ad #pentest #redteam
Medium
Pwned by the Mail Carrier
How MS Exchange on-premises compromises Active Directory and what organizations can do to prevent that
Много же кто знаком с прекрасным проектом GOAD? Так вот из той же категории выпущена лаборатория SCCM. Качайте и играйтесь)))
https://mayfly277.github.io/posts/SCCM-LAB-part0x0/
#ad #lab #pentest
https://mayfly277.github.io/posts/SCCM-LAB-part0x0/
#ad #lab #pentest
Ну и вот такой прикольный гайд по атакам AWS нашел))
https://rezaduty-1685945445294.hashnode.dev/attacking-aws
UPD: и ещё вот такую скинули
http://itsecwiki.org/index.php/Aws
#aws #cloud #pentest
https://rezaduty-1685945445294.hashnode.dev/attacking-aws
UPD: и ещё вот такую скинули
http://itsecwiki.org/index.php/Aws
#aws #cloud #pentest
DevSecOpsGuides
Attacking AWS
As businesses increasingly migrate their operations to Amazon Web Services (AWS), the significance of robust cloud security measures cannot be overstated. Yet, amidst the promise of unparalleled scalability and efficiency, AWS environments have becom...
Ну это прям реально полный гайд по Bloodhound CE. Для тех, кто ещё старым пользуется.
https://m4lwhere.medium.com/the-ultimate-guide-for-bloodhound-community-edition-bhce-80b574595acf
#pentest #enum #bloodhound
https://m4lwhere.medium.com/the-ultimate-guide-for-bloodhound-community-edition-bhce-80b574595acf
#pentest #enum #bloodhound
Medium
The Ultimate Guide for BloodHound Community Edition (BHCE)
I’ve run into many interested hackers who want to learn how to use BloodHound, but struggle to get started. Here’s how to be effective!
Ой, красота))) Получить данные из LSA без дампа LSASS.
Tool: https://github.com/EvanMcBroom/lsa-whisperer
Blog: https://posts.specterops.io/lsa-whisperer-20874277ea3b
#redteam #pentest #creds #dump
Tool: https://github.com/EvanMcBroom/lsa-whisperer
Blog: https://posts.specterops.io/lsa-whisperer-20874277ea3b
#redteam #pentest #creds #dump
GitHub
GitHub - EvanMcBroom/lsa-whisperer: Tools for interacting with authentication packages using their individual message protocols
Tools for interacting with authentication packages using their individual message protocols - EvanMcBroom/lsa-whisperer
SilverPotato...
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
#potato #pentest #redteam
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
#potato #pentest #redteam
Decoder's Blog
Hello: I’m your Domain Admin and I want to authenticate against you
TL;DR (really?): Members of Distributed COM Users or Performance Log Users Groups can trigger from remote and relay the authentication of users connected on the target server, including Domain Cont…
intro.gif
860 KB
Почему-то только сегодня обратил внимание на эту удобную штуку (ох, два года уже репозиторию)😅
https://github.com/aniqfakhrul/powerview.py
#ad #pentest #enum
https://github.com/aniqfakhrul/powerview.py
#ad #pentest #enum
CVE-2024-24919: Check Point arbitrary file read (as root)
Blog: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
#cve #pentest #redteam
Blog: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
#cve #pentest #redteam
watchTowr Labs - Blog
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze.
Check Point, for those unaware, is the…
Check Point, for those unaware, is the…