CravateRouge
|
1cdd284f5b
|
Add Linux alternatives for GenericWrite abuse
|
2021-09-30 22:17:20 +02:00 |
|
Swissky
|
d2f63406cd
|
IIS + Certi + NetNTLMv1
|
2021-09-16 17:45:29 +02:00 |
|
Swissky
|
3af70155e2
|
DCOM Exec Impacket
|
2021-09-07 14:48:57 +02:00 |
|
Swissky
|
23438cc68e
|
Mitigation NTLMv1
|
2021-09-07 10:22:39 +02:00 |
|
Swissky
|
c8076e99c9
|
Net-NTLMv1 + DriverPrinter
|
2021-09-06 20:58:44 +02:00 |
|
Swissky
|
0f94adafe5
|
ESC2 + Windows Search Connectors - Windows Library Files
|
2021-09-01 14:10:53 +02:00 |
|
Swissky
|
69b99826d2
|
AD CS Attacks
|
2021-08-25 22:14:44 +02:00 |
|
Swissky
|
fde99044c5
|
CS NTLM Relay
|
2021-08-22 23:03:02 +02:00 |
|
Swissky
|
87be30d3b2
|
DB2 Injection + ADCS
|
2021-08-10 23:00:19 +02:00 |
|
Swissky
|
d9d4a54d03
|
RemotePotato0 + HiveNightmare
|
2021-07-26 21:25:56 +02:00 |
|
Swissky
|
3a4bd97762
|
AD CS - Mimikatz / Rubeus
|
2021-07-25 11:40:19 +02:00 |
|
Swissky
|
44735975a5
|
Active Directory update
|
2021-07-12 20:45:16 +02:00 |
|
Swissky
|
175c676f1e
|
Tmux PrivEsc + PrintNightmare update
|
2021-07-12 14:42:18 +02:00 |
|
Alexandre ZANNI
|
e2ff22b136
|
add CVE-2021-34527 + It Was All A Dream scanner
|
2021-07-08 10:40:01 +02:00 |
|
Swissky
|
2f8fc7bbb9
|
PrintNightmare - Mimikatz
|
2021-07-05 21:57:14 +02:00 |
|
Swissky
|
459f4c03fc
|
Dependency Confusion + LDAP
|
2021-07-04 13:32:32 +02:00 |
|
Swissky
|
80816aee31
|
PrintNightmare - #385
|
2021-07-01 14:40:03 +02:00 |
|
Swissky
|
4e95162dc3
|
BadPwdCount attribute + DNS
|
2021-06-28 22:08:06 +02:00 |
|
Swissky
|
85a7ac8a76
|
Shadow Credentials + AD CS Relay + SSSD KCM
|
2021-06-24 15:26:05 +02:00 |
|
Swissky
|
a723a34449
|
PS Transcript + PPLdump.exe
|
2021-05-06 18:26:00 +02:00 |
|
Swissky
|
08b59f2856
|
AD update CME+DCOM
|
2021-04-21 22:27:07 +02:00 |
|
Micah Van Deusen
|
f23de13d96
|
Added method to read gMSA
|
2021-04-10 10:58:05 -05:00 |
|
Swissky
|
0443babe35
|
Relay + MSSQL Read File
|
2021-03-25 18:25:02 +01:00 |
|
Swissky
|
f6b9d63bf8
|
DCOM exploitation and MSSQL CLR
|
2021-03-24 22:26:23 +01:00 |
|
Swissky
|
bd2166027e
|
GMSA Password + Dart Reverse Shell
|
2021-03-24 12:44:35 +01:00 |
|
c14dd49h
|
ca28c69e67
|
Update Active Directory Attack.md
|
2021-02-26 14:14:10 +01:00 |
|
Swissky
|
8d31b7240b
|
Office Attacks
|
2021-02-21 20:17:57 +01:00 |
|
Swissky
|
092083af5c
|
AD - Printer Bug + Account Lock
|
2021-01-29 22:10:22 +01:00 |
|
Swissky
|
3a6ac550b8
|
DSRM Admin
|
2021-01-08 23:41:50 +01:00 |
|
Tim Gates
|
7846225bfd
|
docs: fix simple typo, accound -> account
There is a small typo in Methodology and Resources/Active Directory Attack.md.
Should read `account` rather than `accound`.
|
2020-12-23 09:16:40 +11:00 |
|
Swissky
|
16b207eb0b
|
LAPS Password
|
2020-12-20 21:45:41 +01:00 |
|
Swissky
|
67752de6e9
|
Bronze Bit Attack
|
2020-12-18 22:38:30 +01:00 |
|
Swissky
|
f7e8f515a5
|
Application Escape and Breakout
|
2020-12-17 08:56:58 +01:00 |
|
Swissky
|
73fdd6e218
|
Mimikatz - Elevate token with LSA protection
|
2020-12-09 23:33:40 +01:00 |
|
Swissky
|
19a2950b8d
|
AMSI + Trust
|
2020-12-08 14:31:01 +01:00 |
|
Swissky
|
e13f152b74
|
AD - Recon
|
2020-12-02 18:43:13 +01:00 |
|
Swissky
|
b918095775
|
AzureHound
|
2020-11-24 12:41:34 +01:00 |
|
Swissky
|
bd184487e5
|
NTLM Hashcat
|
2020-11-06 16:20:03 +01:00 |
|
Vincent Gilles
|
0b90094002
|
Fix(Docs): Correcting typos on the repo
|
2020-10-17 22:52:35 +02:00 |
|
Swissky
|
b32f4754d7
|
Keytab + schtasks
|
2020-10-15 12:35:05 +02:00 |
|
@cnagy
|
ec1f89fbe6
|
Updated Responder link and added InveighZero
|
2020-10-02 04:39:09 +00:00 |
|
Swissky
|
1a0e31a05e
|
Zero Logon - Restore pwd
|
2020-09-18 21:21:55 +02:00 |
|
Swissky
|
f4ef56fca0
|
Mimikatz Zerologon + reset pwd
|
2020-09-17 14:05:54 +02:00 |
|
Swissky
|
62678c26ce
|
.NET Zero Logon
|
2020-09-16 14:31:59 +02:00 |
|
Swissky
|
14586e4d7a
|
ZeroLogon via Mimikatz
|
2020-09-16 14:13:40 +02:00 |
|
Swissky
|
e79918bdc2
|
CVE-2020-1472 Unauthenticated domain controller compromise
|
2020-09-14 23:06:09 +02:00 |
|
Swissky
|
cc95f4e386
|
AD - Forest to Forest compromise
|
2020-08-18 09:33:38 +02:00 |
|
Justin Perdok
|
f11c45650b
|
Update Active Directory Attack.md
|
2020-08-17 13:18:30 +00:00 |
|
Justin Perdok
|
1284715128
|
Update Active Directory Attack.md
|
2020-08-17 13:15:33 +00:00 |
|
Justin Perdok
|
6f3f2239fa
|
GenericWrite and Remote Connection Manager
Added content from https://sensepost.com/blog/2020/ace-to-rce/
|
2020-08-17 13:00:04 +00:00 |
|
Swissky
|
33129f2b4c
|
Silver Ticket with services list
|
2020-08-09 19:25:03 +02:00 |
|
Swissky
|
ca9326b5fc
|
Driver Privilege Escalation
|
2020-07-13 15:00:36 +02:00 |
|
Swissky
|
ecf29c2cbe
|
Active Directory - Mitigations
|
2020-06-18 11:55:48 +02:00 |
|
Swissky
|
5323ceb37c
|
SUDO CVE + Windows Drivers PrivEsc
|
2020-05-28 11:19:16 +02:00 |
|
Swissky
|
4ca5e71c2f
|
Bind shell cheatsheet (Fix #194)
|
2020-05-24 14:09:46 +02:00 |
|
Swissky
|
3ed2b28e59
|
Add user /Y + GPO Powerview
|
2020-05-10 23:16:29 +02:00 |
|
Swissky
|
7f1c150edd
|
Mimikatz Summary
|
2020-05-10 16:17:10 +02:00 |
|
Swissky
|
5163ef902c
|
XSS Google Scholar Payload + Skeleton Key Persistence
|
2020-05-03 16:28:17 +02:00 |
|
Swissky
|
af6760ef7a
|
RoadRecon + JSON None refs
|
2020-04-17 16:34:51 +02:00 |
|
Swissky
|
95ab07b45e
|
CloudTrail disable, GraphQL tool
|
2020-03-28 12:01:56 +01:00 |
|
Swissky
|
71a307a86b
|
AWS - EC2 copy image
|
2020-02-29 12:56:00 +01:00 |
|
Swissky
|
74f2dfccca
|
Kerberos Constrained Delegation
|
2020-02-23 21:20:46 +01:00 |
|
Swissky
|
aba6874517
|
Maps API + secretsdump enabled user/pw last set + certutil mimikatz
|
2020-02-06 21:41:29 +01:00 |
|
Swissky
|
be0397fa68
|
BloodHound ZIP + Zero Width space tip
|
2020-01-19 22:46:45 +01:00 |
|
Swissky
|
71171fa78b
|
SSRF exploiting WSGI
|
2020-01-05 22:11:28 +01:00 |
|
Swissky
|
3a9b9529cb
|
Mimikatz - Credential Manager & DPAPI
|
2020-01-05 17:27:02 +01:00 |
|
Swissky
|
73abdeed71
|
Kerberos AD GPO
|
2020-01-05 16:28:00 +01:00 |
|
Swissky
|
b052f78d95
|
Blacklist3r and Machine Key
|
2020-01-02 23:33:04 +01:00 |
|
Swissky
|
0a6ac284c9
|
AdminSDHolder Abuse
|
2019-12-30 19:55:47 +01:00 |
|
Swissky
|
bcb24c9866
|
Abusing Active Directory ACLs/ACEs
|
2019-12-30 14:22:10 +01:00 |
|
Swissky
|
4b10c5e302
|
AD mitigations
|
2019-12-26 12:09:23 +01:00 |
|
Swissky
|
cf5a4b6e97
|
XSLT injection draft
|
2019-12-17 21:13:59 +01:00 |
|
Swissky
|
c60f264664
|
RDP backdoor + RDP session takeover
|
2019-11-26 23:39:14 +01:00 |
|
Swissky
|
06864b0ff8
|
Password spraying rewrite + Summary fix
|
2019-11-25 23:35:20 +01:00 |
|
Swissky
|
3abaa3e23d
|
Linux AD - Keyring, Keytab, CCACHE
|
2019-11-25 23:12:06 +01:00 |
|
Swissky
|
00684a10cd
|
IIS asp shell with .asa, .cer, .xamlx
|
2019-11-16 14:53:42 +01:00 |
|
Swissky
|
639dc9faec
|
.url file in writeable share
|
2019-11-14 23:54:57 +01:00 |
|
Swissky
|
3a384c34aa
|
Password spray + AD summary re-org
|
2019-11-14 23:37:51 +01:00 |
|
Swissky
|
7f266bfda8
|
mitm ipv6 + macOS kerberoasting
|
2019-11-14 23:26:13 +01:00 |
|
Swissky
|
f6d5221a85
|
SID history break trust + Powershell history + SCF files
|
2019-11-07 23:21:00 +01:00 |
|
Swissky
|
24516ca7a1
|
Kubernetes attacks update + ref to securityboulevard
|
2019-11-05 11:05:59 +01:00 |
|
Swissky
|
60050219b7
|
Impersonating Office 365 Users on Azure AD Connect
|
2019-11-04 21:43:44 +01:00 |
|
Swissky
|
727eb5cabd
|
Drop the MIC
|
2019-10-21 23:00:27 +02:00 |
|
Swissky
|
11fc6e4bc5
|
NTLM relay + MS08-068
|
2019-10-20 22:09:36 +02:00 |
|
Swissky
|
ed252df92e
|
krb5.keytab + credential use summary
|
2019-10-20 13:25:06 +02:00 |
|
Swissky
|
7159a3ded3
|
RODC dcsync note + Dumping AD Domain summary
|
2019-10-18 00:07:09 +02:00 |
|
OOP
|
f0af3b4f4d
|
Update Active Directory Attack.md
|
2019-10-15 23:18:07 +07:00 |
|
Swissky
|
5455c30ec7
|
Juicy Potato + XXE update
|
2019-09-08 19:44:51 +02:00 |
|
Swissky
|
8dffb59ac5
|
Pspy + Silver Ticket + MSSQL connect
|
2019-08-18 22:24:48 +02:00 |
|
Swissky
|
4a176615fe
|
CORS Misconfiguration
|
2019-08-18 12:08:51 +02:00 |
|
Swissky
|
b6697d8595
|
SSRF SVG + Windows Token getsystem
|
2019-08-15 18:21:06 +02:00 |
|
Swissky
|
bd449e9cea
|
XSS PostMessage
|
2019-08-03 23:22:14 +02:00 |
|
Swissky
|
6baa446144
|
Directory Traversal CVE 2018 Spring
|
2019-07-27 13:02:16 +02:00 |
|
Swissky
|
657823a353
|
PTH Mitigation + Linux Smart Enumeration
|
2019-07-26 14:24:58 +02:00 |
|
Swissky
|
f6c0f226af
|
PXE boot attack
|
2019-07-25 14:08:32 +02:00 |
|
Swissky
|
859695e2be
|
Update PrivExchange based on chryzsh blog post
|
2019-07-24 14:10:58 +02:00 |
|
Swissky
|
a14b3af934
|
Active Directory - Resource Based Constrained Delegation
|
2019-07-22 21:45:50 +02:00 |
|
Swissky
|
45af613fd9
|
Active Directory - Unconstrained delegation
|
2019-07-17 23:17:35 +02:00 |
|
Swissky
|
13ba72f124
|
GraphQL + RDP Bruteforce + PostgreSQL RCE
|
2019-07-01 23:29:29 +02:00 |
|
Swissky
|
144b3827ab
|
MS14-068 + /etc/security/opasswd
|
2019-06-29 17:55:13 +02:00 |
|
Swissky
|
9be62677b6
|
Add root user + PHP null byte version
|
2019-06-24 00:21:39 +02:00 |
|
Swissky
|
9745e67465
|
HQL Injection + references update
|
2019-06-16 23:45:52 +02:00 |
|
Swissky
|
f88da43e1c
|
SQL informationschema.processlist + UPNP warning + getcap -ep
|
2019-05-25 18:19:08 +02:00 |
|
Swissky
|
9c2e63818f
|
XSS without parenthesis, semi-colon + Lontara
|
2019-05-15 21:55:17 +02:00 |
|
Swissky
|
b81df17589
|
RFI - Windows SMB allow_url_include = "Off"
|
2019-05-12 22:23:55 +02:00 |
|
Swissky
|
bab04f8587
|
Masscan + AD password in description + ZSH revshell bugfix + Mimikatz lsass.dmp
|
2019-05-12 21:34:09 +02:00 |
|
Swissky
|
765c615efe
|
XSS injection Summary + MSF web delivery
|
2019-05-12 14:22:48 +02:00 |
|
Swissky
|
9dfd7835ea
|
mitm6 + ntlmrelayx
|
2019-04-21 14:08:18 +02:00 |
|
Alex Zeecka
|
4b79b865c9
|
--dc-ip to -dc-ip for psexec cmd
|
2019-04-03 10:45:45 +02:00 |
|
Swissky
|
90b182f10f
|
AD references - Blog Post + SSTI basic config item
|
2019-03-24 16:26:00 +01:00 |
|
Swissky
|
a509909561
|
PostgreSQL RCE CVE-2019–9193 + ADAPE + WinPrivEsc Resources
|
2019-03-24 16:00:27 +01:00 |
|
Swissky
|
5d1b8bca79
|
SAML exploitation + ASREP roasting + Kerbrute
|
2019-03-24 13:16:23 +01:00 |
|
Swissky
|
e5090f2797
|
Bazaar - version control system
|
2019-03-15 23:27:14 +01:00 |
|
Swissky
|
404afd1d71
|
Fix name's capitalization
|
2019-03-07 00:07:55 +01:00 |
|
Swissky
|
21d1fe7eee
|
Fix name - Part 1
|
2019-03-07 00:07:14 +01:00 |
|
Swissky
|
a58a8113d1
|
Linux capabilities - setuid + read / Docker group privesc
|
2019-02-26 17:24:10 +01:00 |
|
Swissky
|
78c882fb34
|
Jenkins Grrovy + MSSQL UNC + PostgreSQL list files
|
2019-02-17 20:02:16 +01:00 |
|
Swissky
|
f2273f5cce
|
PrivExchange attack
|
2019-02-10 19:51:54 +01:00 |
|
Swissky
|
1c37517bf3
|
.git/index file parsing + fix CSRF payload typo
|
2019-02-07 23:33:47 +01:00 |
|
Swissky
|
b9f2fe367c
|
Bugfix - Errors in stashed changes
|
2019-01-28 20:27:45 +01:00 |
|
Swissky
|
2e3aef1a19
|
Shell IPv6 + Sandbox credential
|
2019-01-07 18:15:45 +01:00 |
|
Swissky
|
e480c9358d
|
SQL wildcard '_' + CSV injection reverse shell
|
2018-12-26 01:02:17 +01:00 |
|
Swissky
|
bd97c0be86
|
README update + Typo fix in Active Directory
|
2018-12-25 20:41:43 +01:00 |
|
Swissky
|
d57d59eca7
|
NTLMv2 hash capturing, cracking, replaying
|
2018-12-25 20:35:39 +01:00 |
|
Swissky
|
d5478d1fd6
|
AWS Pacu and sections + Kerberoasting details
|
2018-12-25 19:38:37 +01:00 |
|
Swissky
|
a6475a19d9
|
Adding references sectio
|
2018-12-24 15:02:50 +01:00 |
|
Swissky
|
69c1d601fa
|
Kerberoasting + SQLmap write SSH key
|
2018-12-15 00:51:33 +01:00 |
|
Swissky
|
35d4139373
|
WebCache param miner file + Reverse shell Python TTY
|
2018-10-08 13:49:50 +02:00 |
|
Swissky
|
9ebf2057c5
|
Koadic Cheatsheet + Linux persistence in startup .desktop file
|
2018-10-04 17:35:57 +02:00 |
|
Swissky
|
65654f81a4
|
Markdown formatting update
|
2018-08-12 23:30:22 +02:00 |
|
Swissky
|
644724396f
|
LaTeX display code + XSS location alternative
|
2018-08-01 21:19:18 +02:00 |
|
Swissky
|
93f4bbb19e
|
AD BloodHound + AD Relationship + SSRF Digital Ocean
|
2018-07-15 11:06:43 +02:00 |
|
Swissky
|
cdc3adee51
|
PassTheTicket + OpenShare + Tools(CME example)
|
2018-07-08 20:03:40 +02:00 |
|
Swissky
|
76aefd9da2
|
Path traversal refactor + AD cme module msf/empire + IIS web.config
|
2018-07-07 12:04:55 +02:00 |
|
Swissky
|
8eb6cb80f9
|
GPP decrypt + SSRF url for cloud providers
|
2018-05-27 22:27:31 +02:00 |
|
Swissky
|
e261836532
|
Windows PrivEsc + SQLi second order + AD DiskShadow
|
2018-05-20 22:10:33 +02:00 |
|
Swissky
|
f1cb7ce50e
|
SQL Cheatsheets - Refactoring part 1
|
2018-05-16 23:33:14 +02:00 |
|
Swissky
|
81eebeaea2
|
AD - Ropnop Tricks
|
2018-05-08 22:11:36 +02:00 |
|
Swissky
|
6a39f25661
|
AD - refactor part 4 (link and src)
|
2018-05-06 19:07:34 +02:00 |
|
Swissky
|
c5bbe88372
|
AD - refactor part3
|
2018-05-05 23:11:17 +02:00 |
|
Swissky
|
1feccf84cb
|
AD refactor - Part 2 : summary
|
2018-05-05 17:41:04 +02:00 |
|
Swissky
|
6869c399d5
|
AD refactoring part1
|
2018-05-05 17:32:19 +02:00 |
|
Swissky
|
2dcffadd46
|
AD - Little fixes and refactor
|
2018-04-28 19:54:32 +02:00 |
|
Swissky
|
cb3b298451
|
Oracle SQL + SQL injection updates (MS SQL/MYSQL/ GENERAL)
|
2018-04-27 23:31:58 +02:00 |
|
Swissky
|
f62d466340
|
Fix Golden Ticket
|
2018-04-15 16:02:27 +02:00 |
|
Swissky
|
b8fbca3347
|
AD Attack - Golden Ticket + SQL/OpenRed/SSRF
|
2018-04-12 23:23:41 +02:00 |
|
Swissky
|
d1f6e8397d
|
Refactoring XSS 0/?
|
2018-03-23 13:53:53 +01:00 |
|
Swissky
|
30019235f8
|
SQLmap tips + Active Directory attacks + SQLite injections
|
2018-03-12 09:17:31 +01:00 |
|