This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Active Directory ACL Visualizer and Explorer

Adalanche gives instant results, showing you what permissions users and groups have in an Active Directory. It is useful for visualizing and exploring who can take over accounts, machines or the entire domain, and can be used to find and show misconfigurations.

https://github.com/lkarlslund/adalanche

#ad #acl #visualizer #blueteam #redteam
Ares

This project is a PoC loader written in C/C++ based on the Transacted Hollowing technique. It features:

— PPID spoofing
— Dynamic function resolution with API hashing
— NTDLL unhooking
— AES256 CBC Encryption
— CIG to block non-Microsoft-signed binaries

https://github.com/Cerbersec/Ares

#edr #evasion #cpp
Vergilius

A collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially documented and cannot be found in the Windows Driver Kit (WDK) headers. The target audience of this site is driver developers and kernel researchers.

https://www.vergiliusproject.com/

#windows #driver #kernel
Malware Analysis: Syscalls

A great guide and overview of syscalls and how to start diagnosing them.

https://jmpesp.me/malware-analysis-syscalls-example/

#maldev #cpp #syscall
DevSecOps pipelines

— Secrets scan
— Code scan
— Dependency check (code libraries + image packages)
— DAST
— Exposures check

Pipelines:
https://gitlab.com/whitespots-public/pipelines

Security scanners:
https://gitlab.com/whitespots-public/security-images

Example project integration:
https://gitlab.com/whitespots-public/vulnerable-python-app

#appsec #devsecops #pipelines
Process Ghosting

This article describes a new executable image tampering attack similar to, but distinct from, Doppelgänging and Herpaderping. With this technique, an attacker can write a piece of malware to disk in such a way that it’s difficult to scan or delete it — and where it then executes the deleted malware as though it were a regular file on disk. This technique does not involve code injection, process hollowing, or Transactional NTFS (TxF).

Research:
https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack

C# Code Snippet:
https://github.com/Wra7h/SharpGhosting

#edr #evasion #process #ghosting #csharp
aesKrbKeyGen

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password. Either of the resulting keys can be utilized with Impacket's getTGT.py to obtain a TGT for the account, provided it is configured to support AES encryption.

https://github.com/Tw1sm/AesKrbKeyGen

#ad #kerberos #tgt #tools
Finding Sensitive Files for BugBounty

/proc/self/cwd/index.php
/proc/self/cwd/main.py
/etc/motd
/proc/net/udp
/proc/net/arp
/proc/self/environ
/var/run/secrets/kubernetes.io/serviceaccount
/proc/cmdline
/proc/mounts
/etc/mysql/my.cnf
/proc/sched_debug
/home/user/.bash_history
/home/user/.ssh/id_rsa

#sensitive #files #bugbounty #bugbountytips
Custom Previews For Malicious Attachments

A phishing technique that allows attackers to create fake previews for their malicious attachments in Google Mail.

https://mrd0x.com/phishing-google-users-by-spoofing-previews/

#phishing #gmail #attachments
Anti-Spam Bypass

A script that helps you understand why your email ended up in spam.

https://github.com/mgeeky/decode-spam-headers

#phishing #antispam #bypass
CRLF OneLiner

A simple Bash one-liner that aims to automate CRLF vulnerability scanning. It is an extremely helpful and practical one-liner for bug hunters, which helps you find CRLF misconfigurations using every possible method. Simply replace the links in subdomains.txt with the URLs you want to target. This lets you scan for CRLF vulnerabilities without the need for an external tool. All you have to do is copy and paste the commands into your terminal and keep your fingers crossed for a possible CRLF.

Bash OneLiner:
input='CRLF-one-liner/subdomains.txt';while IFS= read -r targets; do cat CRLF-one-liner/crlf_payloads.txt |xargs -I % sh -c "curl -vs --max-time 9 $targets/% 2>&1 |grep -q '< Set-Cookie: ?crlf'&& echo $targets '[+] is vulnerable with payload: '%>>crlf_results.txt||echo '[-] Not vulnerable: '$targets";done<$input

crlf_payloads.txt:
https://raw.githubusercontent.com/kleiton0x00/CRLF-one-liner/master/crlf_payloads.txt

#crlf #bash #oneliner #bugbounty
Create a Hidden Account in Windows

A tool for creating hidden accounts using the registry.
In addition to adding hidden accounts, the tool also adds functions to check for hidden accounts and delete hidden accounts, so that both the red team and the blue team can use this tool.

https://github.com/wgpsec/CreateHiddenAccount

#ad #windows #hidden #account
RefleXXion

RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR products. In order to bypass the user-mode hooks, it first collects the syscall numbers of NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.

https://github.com/hlldz/RefleXXion

#edr #evasion #cpp #redteam