Commit Graph

255 Commits

Author SHA1 Message Date
p0dalirius
e0b8bee5a6 Update Active Directory Attack.md 2021-10-06 08:45:44 +02:00
p0dalirius
25b6003229 Update Active Directory Attack.md 2021-10-06 08:29:59 +02:00
p0dalirius
ee53c960f0 Update Active Directory Attack.md 2021-10-06 08:24:51 +02:00
p0dalirius
6d816c6e4b Update Active Directory Attack.md 2021-10-06 08:23:07 +02:00
Podalirius
286b7c507e
Update Active Directory Attack.md 2021-10-06 08:15:51 +02:00
Swissky
000d1f9260
Merge pull request #426 from CravateRouge/patch-2
Add python check for ZeroLogon
2021-10-01 00:58:58 +02:00
CravateRouge
52d83bea5f
Add python check for ZeroLogon 2021-09-30 23:38:48 +02:00
CravateRouge
1cdd284f5b
Add Linux alternatives for GenericWrite abuse 2021-09-30 22:17:20 +02:00
Swissky
d2f63406cd IIS + Certi + NetNTLMv1 2021-09-16 17:45:29 +02:00
Swissky
3af70155e2 DCOM Exec Impacket 2021-09-07 14:48:57 +02:00
Swissky
23438cc68e Mitigation NTLMv1 2021-09-07 10:22:39 +02:00
Swissky
c8076e99c9 Net-NTLMv1 + DriverPrinter 2021-09-06 20:58:44 +02:00
Swissky
0f94adafe5 ESC2 + Windows Search Connectors - Windows Library Files 2021-09-01 14:10:53 +02:00
Swissky
69b99826d2 AD CS Attacks 2021-08-25 22:14:44 +02:00
Swissky
fde99044c5 CS NTLM Relay 2021-08-22 23:03:02 +02:00
Swissky
87be30d3b2 DB2 Injection + ADCS 2021-08-10 23:00:19 +02:00
Swissky
d9d4a54d03 RemotePotato0 + HiveNightmare 2021-07-26 21:25:56 +02:00
Swissky
3a4bd97762 AD CS - Mimikatz / Rubeus 2021-07-25 11:40:19 +02:00
Swissky
44735975a5 Active Directory update 2021-07-12 20:45:16 +02:00
Swissky
175c676f1e Tmux PrivEsc + PrintNightmare update 2021-07-12 14:42:18 +02:00
Alexandre ZANNI
e2ff22b136
add CVE-2021-34527 + It Was All A Dream scanner 2021-07-08 10:40:01 +02:00
Swissky
2f8fc7bbb9 PrintNightmare - Mimikatz 2021-07-05 21:57:14 +02:00
Swissky
459f4c03fc Dependency Confusion + LDAP 2021-07-04 13:32:32 +02:00
Swissky
80816aee31 PrintNightmare - #385 2021-07-01 14:40:03 +02:00
Swissky
4e95162dc3 BadPwdCount attribute + DNS 2021-06-28 22:08:06 +02:00
Swissky
85a7ac8a76 Shadow Credentials + AD CS Relay + SSSD KCM 2021-06-24 15:26:05 +02:00
Swissky
a723a34449 PS Transcript + PPLdump.exe 2021-05-06 18:26:00 +02:00
Swissky
08b59f2856 AD update CME+DCOM 2021-04-21 22:27:07 +02:00
Micah Van Deusen
f23de13d96
Added method to read gMSA 2021-04-10 10:58:05 -05:00
Swissky
0443babe35 Relay + MSSQL Read File 2021-03-25 18:25:02 +01:00
Swissky
f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Swissky
bd2166027e GMSA Password + Dart Reverse Shell 2021-03-24 12:44:35 +01:00
c14dd49h
ca28c69e67
Update Active Directory Attack.md 2021-02-26 14:14:10 +01:00
Swissky
8d31b7240b Office Attacks 2021-02-21 20:17:57 +01:00
Swissky
092083af5c AD - Printer Bug + Account Lock 2021-01-29 22:10:22 +01:00
Swissky
3a6ac550b8 DSRM Admin 2021-01-08 23:41:50 +01:00
Tim Gates
7846225bfd
docs: fix simple typo, accound -> account
There is a small typo in Methodology and Resources/Active Directory Attack.md.

Should read `account` rather than `accound`.
2020-12-23 09:16:40 +11:00
Swissky
16b207eb0b LAPS Password 2020-12-20 21:45:41 +01:00
Swissky
67752de6e9 Bronze Bit Attack 2020-12-18 22:38:30 +01:00
Swissky
f7e8f515a5 Application Escape and Breakout 2020-12-17 08:56:58 +01:00
Swissky
73fdd6e218 Mimikatz - Elevate token with LSA protection 2020-12-09 23:33:40 +01:00
Swissky
19a2950b8d AMSI + Trust 2020-12-08 14:31:01 +01:00
Swissky
e13f152b74 AD - Recon 2020-12-02 18:43:13 +01:00
Swissky
b918095775 AzureHound 2020-11-24 12:41:34 +01:00
Swissky
bd184487e5 NTLM Hashcat 2020-11-06 16:20:03 +01:00
Vincent Gilles
0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
Swissky
b32f4754d7 Keytab + schtasks 2020-10-15 12:35:05 +02:00
@cnagy
ec1f89fbe6
Updated Responder link and added InveighZero 2020-10-02 04:39:09 +00:00
Swissky
1a0e31a05e Zero Logon - Restore pwd 2020-09-18 21:21:55 +02:00
Swissky
f4ef56fca0 Mimikatz Zerologon + reset pwd 2020-09-17 14:05:54 +02:00
Swissky
62678c26ce .NET Zero Logon 2020-09-16 14:31:59 +02:00
Swissky
14586e4d7a ZeroLogon via Mimikatz 2020-09-16 14:13:40 +02:00
Swissky
e79918bdc2 CVE-2020-1472 Unauthenticated domain controller compromise 2020-09-14 23:06:09 +02:00
Swissky
cc95f4e386 AD - Forest to Forest compromise 2020-08-18 09:33:38 +02:00
Justin Perdok
f11c45650b
Update Active Directory Attack.md 2020-08-17 13:18:30 +00:00
Justin Perdok
1284715128
Update Active Directory Attack.md 2020-08-17 13:15:33 +00:00
Justin Perdok
6f3f2239fa
GenericWrite and Remote Connection Manager
Added content from https://sensepost.com/blog/2020/ace-to-rce/
2020-08-17 13:00:04 +00:00
Swissky
33129f2b4c Silver Ticket with services list 2020-08-09 19:25:03 +02:00
Swissky
ca9326b5fc Driver Privilege Escalation 2020-07-13 15:00:36 +02:00
Swissky
ecf29c2cbe Active Directory - Mitigations 2020-06-18 11:55:48 +02:00
Swissky
5323ceb37c SUDO CVE + Windows Drivers PrivEsc 2020-05-28 11:19:16 +02:00
Swissky
4ca5e71c2f Bind shell cheatsheet (Fix #194) 2020-05-24 14:09:46 +02:00
Swissky
3ed2b28e59 Add user /Y + GPO Powerview 2020-05-10 23:16:29 +02:00
Swissky
7f1c150edd Mimikatz Summary 2020-05-10 16:17:10 +02:00
Swissky
5163ef902c XSS Google Scholar Payload + Skeleton Key Persistence 2020-05-03 16:28:17 +02:00
Swissky
af6760ef7a RoadRecon + JSON None refs 2020-04-17 16:34:51 +02:00
Swissky
95ab07b45e CloudTrail disable, GraphQL tool 2020-03-28 12:01:56 +01:00
Swissky
71a307a86b AWS - EC2 copy image 2020-02-29 12:56:00 +01:00
Swissky
74f2dfccca Kerberos Constrained Delegation 2020-02-23 21:20:46 +01:00
Swissky
aba6874517 Maps API + secretsdump enabled user/pw last set + certutil mimikatz 2020-02-06 21:41:29 +01:00
Swissky
be0397fa68 BloodHound ZIP + Zero Width space tip 2020-01-19 22:46:45 +01:00
Swissky
71171fa78b SSRF exploiting WSGI 2020-01-05 22:11:28 +01:00
Swissky
3a9b9529cb Mimikatz - Credential Manager & DPAPI 2020-01-05 17:27:02 +01:00
Swissky
73abdeed71 Kerberos AD GPO 2020-01-05 16:28:00 +01:00
Swissky
b052f78d95 Blacklist3r and Machine Key 2020-01-02 23:33:04 +01:00
Swissky
0a6ac284c9 AdminSDHolder Abuse 2019-12-30 19:55:47 +01:00
Swissky
bcb24c9866 Abusing Active Directory ACLs/ACEs 2019-12-30 14:22:10 +01:00
Swissky
4b10c5e302 AD mitigations 2019-12-26 12:09:23 +01:00
Swissky
cf5a4b6e97 XSLT injection draft 2019-12-17 21:13:59 +01:00
Swissky
c60f264664 RDP backdoor + RDP session takeover 2019-11-26 23:39:14 +01:00
Swissky
06864b0ff8 Password spraying rewrite + Summary fix 2019-11-25 23:35:20 +01:00
Swissky
3abaa3e23d Linux AD - Keyring, Keytab, CCACHE 2019-11-25 23:12:06 +01:00
Swissky
00684a10cd IIS asp shell with .asa, .cer, .xamlx 2019-11-16 14:53:42 +01:00
Swissky
639dc9faec .url file in writeable share 2019-11-14 23:54:57 +01:00
Swissky
3a384c34aa Password spray + AD summary re-org 2019-11-14 23:37:51 +01:00
Swissky
7f266bfda8 mitm ipv6 + macOS kerberoasting 2019-11-14 23:26:13 +01:00
Swissky
f6d5221a85 SID history break trust + Powershell history + SCF files 2019-11-07 23:21:00 +01:00
Swissky
24516ca7a1 Kubernetes attacks update + ref to securityboulevard 2019-11-05 11:05:59 +01:00
Swissky
60050219b7 Impersonating Office 365 Users on Azure AD Connect 2019-11-04 21:43:44 +01:00
Swissky
727eb5cabd Drop the MIC 2019-10-21 23:00:27 +02:00
Swissky
11fc6e4bc5 NTLM relay + MS08-068 2019-10-20 22:09:36 +02:00
Swissky
ed252df92e krb5.keytab + credential use summary 2019-10-20 13:25:06 +02:00
Swissky
7159a3ded3 RODC dcsync note + Dumping AD Domain summary 2019-10-18 00:07:09 +02:00
OOP
f0af3b4f4d
Update Active Directory Attack.md 2019-10-15 23:18:07 +07:00
Swissky
5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Swissky
8dffb59ac5 Pspy + Silver Ticket + MSSQL connect 2019-08-18 22:24:48 +02:00
Swissky
4a176615fe CORS Misconfiguration 2019-08-18 12:08:51 +02:00
Swissky
b6697d8595 SSRF SVG + Windows Token getsystem 2019-08-15 18:21:06 +02:00
Swissky
bd449e9cea XSS PostMessage 2019-08-03 23:22:14 +02:00
Swissky
6baa446144 Directory Traversal CVE 2018 Spring 2019-07-27 13:02:16 +02:00
Swissky
657823a353 PTH Mitigation + Linux Smart Enumeration 2019-07-26 14:24:58 +02:00
Swissky
f6c0f226af PXE boot attack 2019-07-25 14:08:32 +02:00
Swissky
859695e2be Update PrivExchange based on chryzsh blog post 2019-07-24 14:10:58 +02:00
Swissky
a14b3af934 Active Directory - Resource Based Constrained Delegation 2019-07-22 21:45:50 +02:00
Swissky
45af613fd9 Active Directory - Unconstrained delegation 2019-07-17 23:17:35 +02:00
Swissky
13ba72f124 GraphQL + RDP Bruteforce + PostgreSQL RCE 2019-07-01 23:29:29 +02:00
Swissky
144b3827ab MS14-068 + /etc/security/opasswd 2019-06-29 17:55:13 +02:00
Swissky
9be62677b6 Add root user + PHP null byte version 2019-06-24 00:21:39 +02:00
Swissky
9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Swissky
f88da43e1c SQL informationschema.processlist + UPNP warning + getcap -ep 2019-05-25 18:19:08 +02:00
Swissky
9c2e63818f XSS without parenthesis, semi-colon + Lontara 2019-05-15 21:55:17 +02:00
Swissky
b81df17589 RFI - Windows SMB allow_url_include = "Off" 2019-05-12 22:23:55 +02:00
Swissky
bab04f8587 Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp 2019-05-12 21:34:09 +02:00
Swissky
765c615efe XSS injection Summary + MSF web delivery 2019-05-12 14:22:48 +02:00
Swissky
9dfd7835ea mitm6 + ntlmrelayx 2019-04-21 14:08:18 +02:00
Alex Zeecka
4b79b865c9
--dc-ip to -dc-ip for psexec cmd 2019-04-03 10:45:45 +02:00
Swissky
90b182f10f AD references - Blog Post + SSTI basic config item 2019-03-24 16:26:00 +01:00
Swissky
a509909561 PostgreSQL RCE CVE-2019–9193 + ADAPE + WinPrivEsc Resources 2019-03-24 16:00:27 +01:00
Swissky
5d1b8bca79 SAML exploitation + ASREP roasting + Kerbrute 2019-03-24 13:16:23 +01:00
Swissky
e5090f2797 Bazaar - version control system 2019-03-15 23:27:14 +01:00
Swissky
404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00
Swissky
21d1fe7eee Fix name - Part 1 2019-03-07 00:07:14 +01:00
Swissky
a58a8113d1 Linux capabilities - setuid + read / Docker group privesc 2019-02-26 17:24:10 +01:00
Swissky
78c882fb34 Jenkins Grrovy + MSSQL UNC + PostgreSQL list files 2019-02-17 20:02:16 +01:00
Swissky
f2273f5cce PrivExchange attack 2019-02-10 19:51:54 +01:00
Swissky
1c37517bf3 .git/index file parsing + fix CSRF payload typo 2019-02-07 23:33:47 +01:00
Swissky
b9f2fe367c Bugfix - Errors in stashed changes 2019-01-28 20:27:45 +01:00
Swissky
2e3aef1a19 Shell IPv6 + Sandbox credential 2019-01-07 18:15:45 +01:00
Swissky
e480c9358d SQL wildcard '_' + CSV injection reverse shell 2018-12-26 01:02:17 +01:00
Swissky
bd97c0be86 README update + Typo fix in Active Directory 2018-12-25 20:41:43 +01:00
Swissky
d57d59eca7 NTLMv2 hash capturing, cracking, replaying 2018-12-25 20:35:39 +01:00
Swissky
d5478d1fd6 AWS Pacu and sections + Kerberoasting details 2018-12-25 19:38:37 +01:00
Swissky
a6475a19d9 Adding references sectio 2018-12-24 15:02:50 +01:00
Swissky
69c1d601fa Kerberoasting + SQLmap write SSH key 2018-12-15 00:51:33 +01:00
Swissky
35d4139373 WebCache param miner file + Reverse shell Python TTY 2018-10-08 13:49:50 +02:00
Swissky
9ebf2057c5 Koadic Cheatsheet + Linux persistence in startup .desktop file 2018-10-04 17:35:57 +02:00
Swissky
65654f81a4 Markdown formatting update 2018-08-12 23:30:22 +02:00
Swissky
644724396f LaTeX display code + XSS location alternative 2018-08-01 21:19:18 +02:00
Swissky
93f4bbb19e AD BloodHound + AD Relationship + SSRF Digital Ocean 2018-07-15 11:06:43 +02:00
Swissky
cdc3adee51 PassTheTicket + OpenShare + Tools(CME example) 2018-07-08 20:03:40 +02:00
Swissky
76aefd9da2 Path traversal refactor + AD cme module msf/empire + IIS web.config 2018-07-07 12:04:55 +02:00
Swissky
8eb6cb80f9 GPP decrypt + SSRF url for cloud providers 2018-05-27 22:27:31 +02:00
Swissky
e261836532 Windows PrivEsc + SQLi second order + AD DiskShadow 2018-05-20 22:10:33 +02:00
Swissky
f1cb7ce50e SQL Cheatsheets - Refactoring part 1 2018-05-16 23:33:14 +02:00
Swissky
81eebeaea2 AD - Ropnop Tricks 2018-05-08 22:11:36 +02:00
Swissky
6a39f25661 AD - refactor part 4 (link and src) 2018-05-06 19:07:34 +02:00
Swissky
c5bbe88372 AD - refactor part3 2018-05-05 23:11:17 +02:00
Swissky
1feccf84cb AD refactor - Part 2 : summary 2018-05-05 17:41:04 +02:00
Swissky
6869c399d5 AD refactoring part1 2018-05-05 17:32:19 +02:00
Swissky
2dcffadd46 AD - Little fixes and refactor 2018-04-28 19:54:32 +02:00