A cross-platforms tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.
🚀 Features:
— Only requires a low privileges domain user account.
— Automatically gets the list of all domain controllers from the LDAP.
— Finds all the Group Policy Preferences Passwords present in SYSVOL share on each domain controller.
— Decrypts the passwords and prints them in cleartext.
— Outputs to a Excel file.
🔗 Source:
https://github.com/p0dalirius/FindGPPPasswords
#ad #windows #gpo #credentials
Please open Telegram to view this post
VIEW IN TELEGRAM
1🔥15👍5❤4🤔1
🔑 lsassStealer
lsassStealer is a tool designed to dump the memory of the Windows process "lsass.exe". The dump is performed entirely in RAM, then compressed using the zlib library and fragmented for transmission via UDP packets disguised as NTP packets. This method helps reduce detection by security solutions such as Windows Defender and advanced Endpoint Detection and Response (EDR) tools.
🔗 Source:
https://github.com/Aur3ns/lsassStealer
#windows #lsass #edr #bypass
lsassStealer is a tool designed to dump the memory of the Windows process "lsass.exe". The dump is performed entirely in RAM, then compressed using the zlib library and fragmented for transmission via UDP packets disguised as NTP packets. This method helps reduce detection by security solutions such as Windows Defender and advanced Endpoint Detection and Response (EDR) tools.
🔗 Source:
https://github.com/Aur3ns/lsassStealer
#windows #lsass #edr #bypass
GitHub
GitHub - Aur3ns/LsassStealer: Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted…
Morpheus is an lsass stealer that extracts lsass.exe in RAM and exfiltrates it via forged and crypted NTP packets. For authorized testing only! - Aur3ns/LsassStealer
1🔥18🤯4👍3❤1
Forwarded from Ralf Hacker Channel (Ralf Hacker)
При эксплуатации уязвимостей ADCS могут возникать разные ошибки. В блоге подробно рассмотрены причины популярных ошибок, а также варианты решения этих проблем
https://sensepost.com/blog/2025/diving-into-ad-cs-exploring-some-common-error-messages/
#pentest #redteam #adcs
https://sensepost.com/blog/2025/diving-into-ad-cs-exploring-some-common-error-messages/
#pentest #redteam #adcs
Sensepost
SensePost | Diving into ad cs: exploring some common error messages
Leaders in Information Security
1🔥12
🔎 Radar
Tiny tool to identify technologies and services used by domains through their DNS footprints
🔗 Source:
https://github.com/Elite-Security-Systems/radar
#pentest #discovery #recon
Tiny tool to identify technologies and services used by domains through their DNS footprints
🔗 Source:
https://github.com/Elite-Security-Systems/radar
#pentest #discovery #recon
1👍20❤2
Forwarded from Ralf Hacker Channel (Ralf Hacker)
NTLM релей в WinRMS, не ждали? А вот...
Blog: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./
Soft: https://github.com/fortra/impacket/pull/1947
#pentest #redteam #relay #ad #lateralmovement
Blog: https://sensepost.com/blog/2025/is-tls-more-secure-the-winrms-case./
Soft: https://github.com/fortra/impacket/pull/1947
#pentest #redteam #relay #ad #lateralmovement
🔥10❤3👍3😁1
Forwarded from 1N73LL1G3NC3
CVE-2025-21204: LPE in Windows Update Stack
A local privilege escalation flaw in the Windows Update Stack. By abusing directory junctions or symbolic links, attackers can hijack trusted paths accessed by SYSTEM-level processes like MoUsoCoreWorker.exe and execute arbitrary code with elevated privileges.
Blog: https://cyberdom.blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204/
A local privilege escalation flaw in the Windows Update Stack. By abusing directory junctions or symbolic links, attackers can hijack trusted paths accessed by SYSTEM-level processes like MoUsoCoreWorker.exe and execute arbitrary code with elevated privileges.
Blog: https://cyberdom.blog/abusing-the-windows-update-stack-to-gain-system-access-cve-2025-21204/
🔥10👍6❤5🤔1
Forwarded from Just Security
This media is not supported in your browser
VIEW IN TELEGRAM
Открыли прием заявок на Pentest award 2025!
💡 Каждый год мы зажигаем новые яркие лампочки в гирлянде отечественного рынка кибербезопасности — компетентных специалистов, которые остаются за кадром большой работы по поиску уязвимостей.
Участие все еще бесплатное, а прием заявок продлиться до 30 июня. В этом году появились новые номинации от спонсоров проекта: Совкомбанк Технологии и BI.ZONE Bug Bounty.
🥇 Главный приз за победу — стеклянная именная статуэтка и макбук!
🥈🥉За вторые и третьи места призеры получат айфоны и смарт-часы.
🎬 OFFZONE подарит финалистам билеты на свою конференцию 2025.
✏️ А учебный центр CyberEd гранты на обучения.
Ну и конечно, самая ценная награда за участие — почет и уважение сообщества этичных хакеров.
Отправляйте заявки на сайте, участвуйте и побеждайте!
Участие все еще бесплатное, а прием заявок продлиться до 30 июня. В этом году появились новые номинации от спонсоров проекта: Совкомбанк Технологии и BI.ZONE Bug Bounty.
🥈🥉За вторые и третьи места призеры получат айфоны и смарт-часы.
Ну и конечно, самая ценная награда за участие — почет и уважение сообщества этичных хакеров.
Отправляйте заявки на сайте, участвуйте и побеждайте!
Please open Telegram to view this post
VIEW IN TELEGRAM
👎11❤4🔥2👍1
Forwarded from Offensive Xwitter
😈 [ Toffy @toffyrak ]
I have just released my first tool: GPOHound 🚀
GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis.
Check it out here:
🔗 https://github.com/cogiceo/GPOHound
🐥 [ tweet ]
I have just released my first tool: GPOHound 🚀
GPOHound is an offensive tool for dumping and analysing GPOs. It leverages BloodHound data and enriches it with insights extracted from the analysis.
Check it out here:
🔗 https://github.com/cogiceo/GPOHound
🐥 [ tweet ]
🔥20❤6
🔐 Bitrix CMS Ultimate Pentest Guide
A detailed guide on penetration testing for 1C-Bitrix CMS, one of the most popular content management systems in CIS countries. The guide covers authentication bypasses, XSS, SSRF, LFI, RCE exploits, WAF bypass methods, and vulnerabilities in third-party modules (especially Aspro).
🔗 Source:
https://pentestnotes.ru/notes/bitrix_pentest_full/
#1c #bitrix #web
A detailed guide on penetration testing for 1C-Bitrix CMS, one of the most popular content management systems in CIS countries. The guide covers authentication bypasses, XSS, SSRF, LFI, RCE exploits, WAF bypass methods, and vulnerabilities in third-party modules (especially Aspro).
🔗 Source:
https://pentestnotes.ru/notes/bitrix_pentest_full/
#1c #bitrix #web
2🔥15👍8😁6❤2
Forwarded from Ralf Hacker Channel (Ralf Hacker)
CVE-2025-33073: Reflective Kerberos Relay (LPE)
Blog: https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/
Patched: June 10, 2025
Интересная LPE с релеем на себя... Даже CVE есть)
#lpe #ad #relay #pentest #redteam
Blog: https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/
Patched: June 10, 2025
Интересная LPE с релеем на себя... Даже CVE есть)
#lpe #ad #relay #pentest #redteam
RedTeam Pentesting - Blog
A Look in the Mirror - The Reflective Kerberos Relay Attack
It is a sad truth in IT security that some vulnerabilities never quite want to die and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While researching relay attacks, the bane of Active …
❤7🔥4👍2
Forwarded from Offensive Xwitter
Успейте подать заявку на Pentest Award 2025 до 30 июня!
Это отраслевая награда для специалистов по тестированию на проникновение, которая проводится уже в третий раз. Основная задача премии — выделить лучших специалистов и показать их вклад в развитие российского пентеста.
Участие бесплатное, финалисты получат технику apple и максимальный почет сообщества этичных хакеров. Церемония награждения будет проходить 1 августа в Москве.
Заявка на премию — это рассказ о лучшем проекте в свободной форме. Не нужно раскрывать эксплоиты, любые шаги в цепочке эксплуатации могут быть полностью анонимны, а детали могут быть скрыты, важно отразить сам подход и идею.
Подать заявку и узнать больше информации можно на сайте — https://award.awillix.ru/
Это отраслевая награда для специалистов по тестированию на проникновение, которая проводится уже в третий раз. Основная задача премии — выделить лучших специалистов и показать их вклад в развитие российского пентеста.
Участие бесплатное, финалисты получат технику apple и максимальный почет сообщества этичных хакеров. Церемония награждения будет проходить 1 августа в Москве.
Заявка на премию — это рассказ о лучшем проекте в свободной форме. Не нужно раскрывать эксплоиты, любые шаги в цепочке эксплуатации могут быть полностью анонимны, а детали могут быть скрыты, важно отразить сам подход и идею.
Подать заявку и узнать больше информации можно на сайте — https://award.awillix.ru/
❤5🔥5👍4🤔2
🔍 NauthNRPC
A Python tool that introduces a new method for gathering domain information, including the enumeration of domain users. The tool leverages auth-level = 1 (No authentication) against the MS-NRPC (Netlogon) interface on domain controllers. All that's required is the domain controller's IP address, and the entire process can be completed without providing any credentials.
🔗 Research:
https://securelist.com/no-auth-domain-information-enumeration/112629/
🔗 Source:
https://github.com/sud0Ru/NauthNRPC
#ad #enum #netlogon #rpc
A Python tool that introduces a new method for gathering domain information, including the enumeration of domain users. The tool leverages auth-level = 1 (No authentication) against the MS-NRPC (Netlogon) interface on domain controllers. All that's required is the domain controller's IP address, and the entire process can be completed without providing any credentials.
🔗 Research:
https://securelist.com/no-auth-domain-information-enumeration/112629/
🔗 Source:
https://github.com/sud0Ru/NauthNRPC
#ad #enum #netlogon #rpc
4🔥25👍6❤1
🔀 LdrShuffle
Code execution/injection technique using
🔗 Source:
https://github.com/RWXstoned/LdrShuffle
#windows #peb #dll #injection #evasion
Code execution/injection technique using
_LDR_DATA_TABLE_ENTRY structure manipulation in PEB to redirect EntryPoint of loaded DLLs. Allows code execution without using classic APIs like CreateRemoteThread or QueueUserAPC.🔗 Source:
https://github.com/RWXstoned/LdrShuffle
#windows #peb #dll #injection #evasion
1🔥9👍7❤1
This media is not supported in your browser
VIEW IN TELEGRAM
🩸 CitrixBleed 2 — Citrix NetScaler Memory Leak (CVE-2025-5777)
Critical memory leak vulnerability in Citrix NetScaler ADC/Gateway. Sending malformed POST request with login parameter without value causes server to return ~127 bytes of uninitialized stack memory, including session tokens, enabling MFA bypass and active session hijacking.
🔗 Research:
https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
🔗 Source:
https://github.com/win3zz/CVE-2025-5777
#citrix #netscaler #memoryleak #exploit
Critical memory leak vulnerability in Citrix NetScaler ADC/Gateway. Sending malformed POST request with login parameter without value causes server to return ~127 bytes of uninitialized stack memory, including session tokens, enabling MFA bypass and active session hijacking.
🔗 Research:
https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
🔗 Source:
https://github.com/win3zz/CVE-2025-5777
#citrix #netscaler #memoryleak #exploit
👍13❤8🔥7
This is a tool for red and blue teams that transforms BloodHound data into a fully functional, Active Directory replica environment via the Ludus framework for controlled testing. This tool can be used to replicate most AD objects and permissions or can be used to replicate a specific Attack Path.
🔗 Research:
https://specterops.io/blog/2025/07/14/ludushound-raising-bloodhound-attack-paths-to-life/
🔗 Source:
https://gitlab.com/badsectorlabs/ludus
#ad #bloodhound #ludus #replica
Please open Telegram to view this post
VIEW IN TELEGRAM
1❤7👍3👎2🔥2
🔥 MS-RPC-Fuzzer
PowerShell-based fuzzer that automates MS-RPC vulnerability research by dynamically creating RPC clients and fuzzing procedures with random inputs. Visualizes results through Neo4j graphs to help researchers identify potentially vulnerable RPC services.
🔗 Research:
https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
🔗 Source:
https://github.com/warpnet/MS-RPC-Fuzzer
#rpc #fuzzing #windows #vulnerability #research
PowerShell-based fuzzer that automates MS-RPC vulnerability research by dynamically creating RPC clients and fuzzing procedures with random inputs. Visualizes results through Neo4j graphs to help researchers identify potentially vulnerable RPC services.
🔗 Research:
https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
🔗 Source:
https://github.com/warpnet/MS-RPC-Fuzzer
#rpc #fuzzing #windows #vulnerability #research
2🔥15👍1
🔑 Golden DMSA
Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.
🔗 Research:
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
🔗 Source:
https://github.com/Semperis/GoldenDMSA
#ad #windows #dmsa #kerberos #persistence
Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.
🔗 Research:
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/
🔗 Source:
https://github.com/Semperis/GoldenDMSA
#ad #windows #dmsa #kerberos #persistence
❤14🔥11👍4👎3🤔3