» Active Directory Security Risk #101: Kerberos Unconstrained Delegation (or How Compromise of a Single Server Can Compromise the Domain) » Active Directory Security
https://adsecurity.org/?p=1667
https://adsecurity.org/?p=1667
Active Directory & Azure AD/Entra ID Security
Active Directory Security Risk #101: Kerberos Unconstrained Delegation (or How Compromise of a Single Server Can Compromise the…
At Black Hat USA 2015 this summer (2015), I spoke about the danger in having Kerberos Unconstrained Delegation configured in the environment. When Active Directory was first released with Windows 2000 Server, Microsoft had to provide a simple mechanism to…
GitHub - rarecoil/pantagrule: hashcat rules generated from over 840 million compromised passwords
https://github.com/rarecoil/pantagrule
https://github.com/rarecoil/pantagrule
GitHub
GitHub - rarecoil/pantagrule: large hashcat rulesets generated from real-world compromised passwords
large hashcat rulesets generated from real-world compromised passwords - rarecoil/pantagrule
GitHub - earthquake/SocksOverRDP: Socks5 Proxy support for Remote Desktop Protocol / Terminal Services
https://github.com/earthquake/SocksOverRDP
https://github.com/earthquake/SocksOverRDP
GitHub
GitHub - nccgroup/SocksOverRDP: Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop
Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop - nccgroup/SocksOverRDP
Malware development part 1 – 0xPat blog – Red Teamer, infosec enthusiast
https://0xpat.github.io/Malware_development_part_1/
https://0xpat.github.io/Malware_development_part_1/
0xpat.github.io
Malware development part 1 - basics
Introduction
This is the first post of a series which regards development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.
Let’s…
This is the first post of a series which regards development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.
Let’s…
LARRYCHATTER/README.md at master · slaeryan/LARRYCHATTER · GitHub
https://github.com/slaeryan/LARRYCHATTER/blob/master/README.md
https://github.com/slaeryan/LARRYCHATTER/blob/master/README.md
GitHub
slaeryan/LARRYCHATTER
Covert C2 Framework - PoC HAMMERTOSS Revenant - C2 over Twitter - slaeryan/LARRYCHATTER
Printer Spoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019 | PS C:\Users\itm4n> _
https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/
https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/
itm4n’s blog
PrintSpoofer - Abusing Impersonation Privileges on Windows 10 and Server 2019
Over the last few years, tools such as RottenPotato, RottenPotatoNG or Juicy Potato have made the exploitation of impersonation privileges on Windows very popular among the offensive security community. Though, recent changes to the operating system have…
GitHub - blackarrowsec/pivotnacci: A tool to make socks connections through HTTP agents
https://github.com/blackarrowsec/pivotnacci
https://github.com/blackarrowsec/pivotnacci
GitHub
GitHub - blackarrowsec/pivotnacci: A tool to make socks connections through HTTP agents
A tool to make socks connections through HTTP agents - blackarrowsec/pivotnacci
GitHub - riramar/Web-Attack-Cheat-Sheet: Web Attack Cheat Sheet
https://github.com/riramar/Web-Attack-Cheat-Sheet
https://github.com/riramar/Web-Attack-Cheat-Sheet
GitHub
GitHub - riramar/Web-Attack-Cheat-Sheet: Web Attack Cheat Sheet
Web Attack Cheat Sheet. Contribute to riramar/Web-Attack-Cheat-Sheet development by creating an account on GitHub.
Bypassing Windows Defender Runtime Scanning
https://labs.f-secure.com/blog/bypassing-windows-defender-runtime-scanning/
https://labs.f-secure.com/blog/bypassing-windows-defender-runtime-scanning/
GitHub - sundowndev/hacker-roadmap: Your beginner pen-testing start guide. A guide for amateur pen testers and a collection of hacking tools, resources and references to practice ethical hacking and web security.
https://github.com/sundowndev/hacker-roadmap
https://github.com/sundowndev/hacker-roadmap
GitHub
GitHub - sundowndev/hacker-roadmap: A collection of hacking tools, resources and references to practice ethical hacking.
A collection of hacking tools, resources and references to practice ethical hacking. - sundowndev/hacker-roadmap
Privilege escalation (UAC bypass) in ChangePK - Matt harr0ey - Medium
https://medium.com/@mattharr0ey/privilege-escalation-uac-bypass-in-changepk-c40b92818d1b
https://medium.com/@mattharr0ey/privilege-escalation-uac-bypass-in-changepk-c40b92818d1b
Medium
Privilege escalation (UAC bypass) in ChangePK
Introduction It’s been a long time since I decided to to be away from Twitter for a while for self-improvements reasons and finding…
GitHub - Flangvik/NetLoader: Loads any C# binary in mem, patching AMSI and bypassing Windows Defender
https://github.com/Flangvik/NetLoader
https://github.com/Flangvik/NetLoader
GitHub
GitHub - Flangvik/NetLoader: Loads any C# binary in mem, patching AMSI + ETW.
Loads any C# binary in mem, patching AMSI + ETW. . Contribute to Flangvik/NetLoader development by creating an account on GitHub.
Release CrackMapExec v5.0.2dev · byt3bl33d3r/CrackMapExec · GitHub
https://github.com/byt3bl33d3r/CrackMapExec/releases/tag/v5.0.2dev
https://github.com/byt3bl33d3r/CrackMapExec/releases/tag/v5.0.2dev
GitHub
Release CrackMapExec v5.0.2dev - P3l1as · byt3bl33d3r/CrackMapExec
CrackMapExec v5.0.2dev - P3l1as
💫 Features 💫
CME accepts a file as argument with option -x and -X
WinRM can now execute a command even if not local admin thanks to pypsrp lib
Kerberos support i...
💫 Features 💫
CME accepts a file as argument with option -x and -X
WinRM can now execute a command even if not local admin thanks to pypsrp lib
Kerberos support i...
GitHub - noptrix/sshprank: A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan and shodan module.
https://github.com/noptrix/sshprank
https://github.com/noptrix/sshprank
GitHub
GitHub - noptrix/sshprank: A fast SSH mass-scanner, login cracker, banner grabber and password auth checker tool using the python…
A fast SSH mass-scanner, login cracker, banner grabber and password auth checker tool using the python-masscan and shodan module. - noptrix/sshprank
GitHub - GitHackTools/TorghostNG: TorghostNG - Make all your internet traffic anonymized with Tor network. Rewritten from TorGhost with Python 3
https://github.com/GitHackTools/TorghostNG
https://github.com/GitHackTools/TorghostNG
wget -nd -r -l 10 -e robots=off url
download all files, don’t preserve directories (-nd), recursively download (-r), go at least 10 levels down (-l 10), and most importantly: ignore robots.txt
Get it all
download all files, don’t preserve directories (-nd), recursively download (-r), go at least 10 levels down (-l 10), and most importantly: ignore robots.txt
Get it all
Avira Free Antivirus password collector - Nikolenko Konstantin - Medium
https://medium.com/@knikolenko/avira-free-antivirus-password-collector-83452fa7f943
https://medium.com/@knikolenko/avira-free-antivirus-password-collector-83452fa7f943
GitHub - tothi/rbcd-attack: Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
https://github.com/tothi/rbcd-attack
https://github.com/tothi/rbcd-attack
GitHub
GitHub - tothi/rbcd-attack: Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket
Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket - tothi/rbcd-attack
GitHub - thelinuxchoice/evilreg: Reverse shell using Windows Registry files (.reg)
https://github.com/thelinuxchoice/evilreg
https://github.com/thelinuxchoice/evilreg