Awesome security hardening.
• مجموعه ای حجیم از مواد مختلف با موضوع افزایش امنیت. از راهنمایی های دقیق تا ابزارها و معیارهای اساسی:
• Security Hardening Guides and Best Practices;
— Hardening Guide Collections;
— GNU/Linux;
- Red Hat Enterprise Linux - RHEL;
- CentOS;
- SUSE;
- Ubuntu;
— Windows;
— macOS;
— Network Devices;
- Switches;
- Routers;
- IPv6;
- Firewalls;
— Virtualization - VMware;
— Containers - Docker - Kubernetes;
— Services;
- SSH;
- TLS/SSL;
- Web Servers;
- Mail Servers;
- FTP Servers;
- Database Servers;
- Active Directory;
- ADFS;
- Kerberos;
- LDAP;
- DNS;
- NTP;
- NFS;
- CUPS;
— Authentication - Passwords;
— Hardware - CPU - BIOS - UEFI;
— Cloud;
• Tools;
— Tools to check security hardening;
- GNU/Linux;
- Windows;
- Network Devices;
- TLS/SSL;
- SSH;
- Hardware - CPU - BIOS - UEFI;
- Docker;
- Cloud;
— Tools to apply security hardening;
- GNU/Linux;
- Windows;
- TLS/SSL;
- Cloud;
— Password Generators;
• Books;
• Other Awesome Lists;
— Other Awesome Security Lists.
#Security #hardening
@Engineer_Computer
• مجموعه ای حجیم از مواد مختلف با موضوع افزایش امنیت. از راهنمایی های دقیق تا ابزارها و معیارهای اساسی:
• Security Hardening Guides and Best Practices;
— Hardening Guide Collections;
— GNU/Linux;
- Red Hat Enterprise Linux - RHEL;
- CentOS;
- SUSE;
- Ubuntu;
— Windows;
— macOS;
— Network Devices;
- Switches;
- Routers;
- IPv6;
- Firewalls;
— Virtualization - VMware;
— Containers - Docker - Kubernetes;
— Services;
- SSH;
- TLS/SSL;
- Web Servers;
- Mail Servers;
- FTP Servers;
- Database Servers;
- Active Directory;
- ADFS;
- Kerberos;
- LDAP;
- DNS;
- NTP;
- NFS;
- CUPS;
— Authentication - Passwords;
— Hardware - CPU - BIOS - UEFI;
— Cloud;
• Tools;
— Tools to check security hardening;
- GNU/Linux;
- Windows;
- Network Devices;
- TLS/SSL;
- SSH;
- Hardware - CPU - BIOS - UEFI;
- Docker;
- Cloud;
— Tools to apply security hardening;
- GNU/Linux;
- Windows;
- TLS/SSL;
- Cloud;
— Password Generators;
• Books;
• Other Awesome Lists;
— Other Awesome Security Lists.
#Security #hardening
@Engineer_Computer
GitHub
GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources
A collection of awesome security hardening guides, tools and other resources - decalage2/awesome-security-hardening
Mind map of enumeration tools for different protocols: HTTP/HTTPs, SMD, LDAP, RPC, SMTP, FTP and others.
#smtp #ftp #ldap #http
@Engineer_Computer
#smtp #ftp #ldap #http
@Engineer_Computer
👍1👎1
Network Security Channel
1777790686123.pdf
🔍 Active Directory Enumeration Walkthrough: Mapping a Domain with pywerview
Just published a hands-on lab write-up demonstrating how an authenticated attacker with low-privileged credentials can enumerate a full Active Directory environment using pywerview — the Python port of the legendary PowerView module — and uncover real privilege escalation paths from a single foothold.
🔹 Lab Scenario:
Starting credentials: raj / Password@1 against the ignite.local domain. From this minimal access, mapping out users, groups, computers, delegation settings, ACLs, GPOs, and trust relationships — entirely over LDAP.
🔹 Key Findings Uncovered Through Enumeration:
✅ Domain Admin discovery — identified the aaru account via --admin-count filter (adminCount=1, member of Domain Admins)
✅ Kerberoastable SPN — the kavish account exposed via --spn, configured with TRUSTED_TO_AUTH_FOR_DELEGATION against a SQL server (constrained delegation w/ protocol transition)
✅ Unconstrained Delegation hosts — flagged via --unconstrained (a classic path to DC compromise)
✅ Backup Operators abuse path — user shivam enumerated as a member, opening NTDS.dit dump potential
✅ Trust enumeration — bidirectional forest trust to pentest.local discovered via get-netdomaintrust
✅ Domain policy extraction — password length, complexity, lockout thresholds, and Kerberos ticket lifetimes all readable from SYSVOL
🔹 pywerview Modules Demonstrated:
get-netdomain, get-netuser, get-netgroup, get-netgroupmember, get-netcomputer, get-netshare, get-netsession, get-netloggedon, get-netou, get-netsite, get-netsubnet, get-netgpo, get-domainpolicy, invoke-userhunter, invoke-processhunter, invoke-checklocaladminaccess, get-objectacl, get-netdomaintrust
🔹 Why This Matters for Defenders:
Every red-team finding above is a blue-team checklist item. Misconfigured delegation, stale adminCount=1 flags, over-privileged Backup Operators, and SPN sprawl on user accounts are the silent killers of AD environments. You can't harden what you can't see.
🔹 Key Lesson From the Lab:
A single low-privileged user is enough to map your entire domain, identify Tier 0 assets, and build a full attack graph — without ever touching a tool that triggers EDR. LDAP queries are noisy only if you're watching for them.
💼 Currently exploring new opportunities in Network & Cybersecurity Engineering — open to on-site, hybrid, or remote roles. I deliver hands-on services in network design, firewall deployment (Fortinet, Cisco), Active Directory hardening, ICS/OT security (IEC 62443, NIST), penetration testing, and infrastructure hardening.
#CyberSecurity #ActiveDirectory #RedTeam #PenetrationTesting #pywerview #PowerView #ADSecurity #LDAP #Kerberoasting #PrivilegeEscalation #InfoSec #BlueTeam #OpenToWork #NetworkSecurity #OffensiveSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer
Just published a hands-on lab write-up demonstrating how an authenticated attacker with low-privileged credentials can enumerate a full Active Directory environment using pywerview — the Python port of the legendary PowerView module — and uncover real privilege escalation paths from a single foothold.
🔹 Lab Scenario:
Starting credentials: raj / Password@1 against the ignite.local domain. From this minimal access, mapping out users, groups, computers, delegation settings, ACLs, GPOs, and trust relationships — entirely over LDAP.
🔹 Key Findings Uncovered Through Enumeration:
✅ Domain Admin discovery — identified the aaru account via --admin-count filter (adminCount=1, member of Domain Admins)
✅ Kerberoastable SPN — the kavish account exposed via --spn, configured with TRUSTED_TO_AUTH_FOR_DELEGATION against a SQL server (constrained delegation w/ protocol transition)
✅ Unconstrained Delegation hosts — flagged via --unconstrained (a classic path to DC compromise)
✅ Backup Operators abuse path — user shivam enumerated as a member, opening NTDS.dit dump potential
✅ Trust enumeration — bidirectional forest trust to pentest.local discovered via get-netdomaintrust
✅ Domain policy extraction — password length, complexity, lockout thresholds, and Kerberos ticket lifetimes all readable from SYSVOL
🔹 pywerview Modules Demonstrated:
get-netdomain, get-netuser, get-netgroup, get-netgroupmember, get-netcomputer, get-netshare, get-netsession, get-netloggedon, get-netou, get-netsite, get-netsubnet, get-netgpo, get-domainpolicy, invoke-userhunter, invoke-processhunter, invoke-checklocaladminaccess, get-objectacl, get-netdomaintrust
🔹 Why This Matters for Defenders:
Every red-team finding above is a blue-team checklist item. Misconfigured delegation, stale adminCount=1 flags, over-privileged Backup Operators, and SPN sprawl on user accounts are the silent killers of AD environments. You can't harden what you can't see.
🔹 Key Lesson From the Lab:
A single low-privileged user is enough to map your entire domain, identify Tier 0 assets, and build a full attack graph — without ever touching a tool that triggers EDR. LDAP queries are noisy only if you're watching for them.
💼 Currently exploring new opportunities in Network & Cybersecurity Engineering — open to on-site, hybrid, or remote roles. I deliver hands-on services in network design, firewall deployment (Fortinet, Cisco), Active Directory hardening, ICS/OT security (IEC 62443, NIST), penetration testing, and infrastructure hardening.
#CyberSecurity #ActiveDirectory #RedTeam #PenetrationTesting #pywerview #PowerView #ADSecurity #LDAP #Kerberoasting #PrivilegeEscalation #InfoSec #BlueTeam #OpenToWork #NetworkSecurity #OffensiveSecurity
🔹 Share & Support Us 🔹
📱 Channel : @Engineer_Computer