Fsociety Hacking Tools Pack
https://gbhackers.com/fsociety-complete-hacking-tools/
#tools
#fsociety
@NetPentesters
https://gbhackers.com/fsociety-complete-hacking-tools/
#tools
#fsociety
@NetPentesters
GBHackers Security | #1 Globally Trusted Cyber Security News Platform
fsociety a Complete Hacking Tools pack that a Hacker Needs - Penetration Testing Framework
fsociety is a penetration testing framework consists of all penetration testing tools that a hacker needs. It includes all the tools that involved in the Mr. Robot Series.
1 - Active Directory penetration testing cheatsheet
Part 1: https://infosecwriteups.com/active-directory-penetration-testing-cheatsheet-5f45aa5b44ff
Part 2: https://infosecwriteups.com/active-directory-cheatsheet-part-2-b18e9aa2e73a
2 - Bypass Server Upload Restrictions
https://infosecwriteups.com/bypass-server-upload-restrictions-69054c5e1be4
#AD
#pentest
#bypass
@NetPentesters
Part 1: https://infosecwriteups.com/active-directory-penetration-testing-cheatsheet-5f45aa5b44ff
Part 2: https://infosecwriteups.com/active-directory-cheatsheet-part-2-b18e9aa2e73a
2 - Bypass Server Upload Restrictions
https://infosecwriteups.com/bypass-server-upload-restrictions-69054c5e1be4
#AD
#pentest
#bypass
@NetPentesters
Red Teaming and Social-Engineering related scripts, tools and CheatSheets
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming
#RedTeam
#social_engineering
#pentest
@NetPentesters
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming
#RedTeam
#social_engineering
#pentest
@NetPentesters
GitHub
Penetration-Testing-Tools/red-teaming at master · mgeeky/Penetration-Testing-Tools
A collection of more than 170+ tools, scripts, cheatsheets and other loots that I've developed over years for Red Teaming/Pentesting/IT Security audits purposes. - mgeeky/Penetration-Testing-Tools
Attacks on Azure AD and M365:
Pawning the cloud, PTA Skeleton Keys and more
https://www.inversecos.com/2021/10/attacks-on-azure-ad-and-m365-pawning.html
#Attack
#Azure
#Ad
#Cloud
#Microsoft
@NetPentesters
Pawning the cloud, PTA Skeleton Keys and more
https://www.inversecos.com/2021/10/attacks-on-azure-ad-and-m365-pawning.html
#Attack
#Azure
#Ad
#Cloud
#Microsoft
@NetPentesters
Appendix: Overview of Microsoft Identity Security Monitoring
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/IdentitySecurityMonitoring.md
#Azure
#ad
@NetPentesters
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense/blob/main/IdentitySecurityMonitoring.md
#Azure
#ad
@NetPentesters
ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
https://github.com/bhdresh/CVE-2021-33766
#exchange
#bypass
@NetPentesters
https://github.com/bhdresh/CVE-2021-33766
#exchange
#bypass
@NetPentesters
GitHub
GitHub - bhdresh/CVE-2021-33766: ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit - bhdresh/CVE-2021-33766
Pre-Auth SSRF To Full MailBox Access
(Microsoft Exchange Server Exploit)
https://vanshal.medium.com/pre-auth-ssrf-to-full-mailbox-access-microsoft-exchange-server-exploit-a62c8ac04b47
#SSRF
#Microsoft
#exchange
@NetPentesters
(Microsoft Exchange Server Exploit)
https://vanshal.medium.com/pre-auth-ssrf-to-full-mailbox-access-microsoft-exchange-server-exploit-a62c8ac04b47
#SSRF
#Microsoft
#exchange
@NetPentesters
Python implementation for Active Directory certificate abuse
https://github.com/ollypwn/Certipy
#python
#Ad
@NetPentesters
https://github.com/ollypwn/Certipy
#python
#Ad
@NetPentesters
Azure Privilege Escalation via Service Principal Abuse
https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
#Azure
#privilege
@NetPentesters
https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5
#Azure
#privilege
@NetPentesters
SpecterOps
Azure Privilege Escalation via Service Principal Abuse - SpecterOps
Intro and Prior Work On-prem Active Directory is here to stay, and so is Azure Active Directory. While these products have similar names, they in fact work very differently from one another. There are hints of vanilla AD’s discretionary access control model…
Offensive WMI:
Part 1 - Basics
https://0xinfection.github.io/posts/wmi-basics-part-1
Part 2 - Exploring Namespaces, Classes & Methods
https://0xinfection.github.io/posts/wmi-classes-methods-part-2
Part 3 - Interacting with Windows Registry
https://0xinfection.github.io/posts/wmi-registry-part-3
#WMI
@NetPentesters
Part 1 - Basics
https://0xinfection.github.io/posts/wmi-basics-part-1
Part 2 - Exploring Namespaces, Classes & Methods
https://0xinfection.github.io/posts/wmi-classes-methods-part-2
Part 3 - Interacting with Windows Registry
https://0xinfection.github.io/posts/wmi-registry-part-3
#WMI
@NetPentesters
Offensive WMI: Reconnaissance & Enumeration
https://0xinfection.github.io/posts/wmi-recon-enum
#WMI
#Enumeration
#Reconnaissance
@NetPentesters
https://0xinfection.github.io/posts/wmi-recon-enum
#WMI
#Enumeration
#Reconnaissance
@NetPentesters
Active Directory Enumeration
https://0xinfection.github.io/posts/wmi-ad-enum
#AD
#Enumeration
#Microsoft
@NetPentesters
https://0xinfection.github.io/posts/wmi-ad-enum
#AD
#Enumeration
#Microsoft
@NetPentesters
MITRE ATT & CK Matrix, ver.10.0:
More Objects, Parity, and Features
https://attack.mitre.org/resources/updates/updates-october-2021
]-> https://github.com/mitre/cti/releases/tag/ATT%26CK-v10.0
#MITRE
#attack
@NetPentesters
More Objects, Parity, and Features
https://attack.mitre.org/resources/updates/updates-october-2021
]-> https://github.com/mitre/cti/releases/tag/ATT%26CK-v10.0
#MITRE
#attack
@NetPentesters
GitHub
Release ATT&CK version 10.0 · mitre/cti
See release notes for the content changes here
See a summary of STIX changes here
See a summary of STIX changes here
Attacking & Securing Active Directory
https://rmusser.net/docs/Active_Directory.html
#AD
#Pentest
#attack
@NetPentesters
https://rmusser.net/docs/Active_Directory.html
#AD
#Pentest
#attack
@NetPentesters
Attacking Azure/Azure AD
https://hausec.com/2021/10/26/attacking-azure-azure-ad-part-ii
#cloud
#Ad
#azure
@NetPentesters
https://hausec.com/2021/10/26/attacking-azure-azure-ad-part-ii
#cloud
#Ad
#azure
@NetPentesters
hausec
Attacking Azure & Azure AD, Part II
Abstract When I published my first article, Attacking Azure & Azure AD and Introducing PowerZure, I had no idea I was just striking the tip of the iceberg. Over the past eight months, my co-wor…
Full-featured C2 framework which silently persists
on webserver with a single-line PHP backdoor
https://github.com/nil0x42/phpsploit
#C2
#backdoor
@NetPentesters
on webserver with a single-line PHP backdoor
https://github.com/nil0x42/phpsploit
#C2
#backdoor
@NetPentesters
GitHub
GitHub - nil0x42/phpsploit: Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor - nil0x42/phpsploit