From bcd67377be9dd1d82abf916c0ebfa1f79e314ee2 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Wed, 6 Jun 2018 17:23:15 -0400 Subject: [PATCH] Adding Resources for Windows-based Assessments Adding resources and tools used for Windows-based assessments.... --- windows/README.md | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/windows/README.md b/windows/README.md index f63881b..d0395d8 100644 --- a/windows/README.md +++ b/windows/README.md @@ -1,10 +1,23 @@ # Resources for Windows-based Assessments -* [The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets.](https://docs.microsoft.com/en-us/powershell/module/addsadministration/?view=win10-ps) -* [PowerShell Empire](http://www.powershellempire.com/) -* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) -* [CimSweep](https://github.com/PowerShellMafia/CimSweep) -* [PowerSCCM](https://github.com/PowerShellMafia/PowerSCCM) -* [SANS PowerShell Cheat Sheet](https://pen-testing.sans.org/blog/2016/05/25/sans-powershell-cheat-sheet/) -* [PaulSec Windows Resource Repository](https://github.com/PaulSec/awesome-windows-domain-hardening) +## Tools used for Windows-based Assessments +- [PowerShell Empire](http://www.powershellempire.com/) +- [CimSweep](https://github.com/PowerShellMafia/CimSweep) +- [Responder](https://github.com/lgandx/Responder) - A LLMNR, NBT-NS and MDNS poisoner +- [BloodHound](https://github.com/BloodHoundAD/BloodHound) - Six Degrees of Domain Admin +- [AD Control Path](https://github.com/ANSSI-FR/AD-control-paths) - Active Directory Control Paths auditing and graphing tools +- [PowerSploit](https://github.com/PowerShellMafia/PowerSploit/) - A PowerShell Post-Exploitation Framework +- [PowerView](https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon) - Situational Awareness PowerShell framework +- [PowerSCCM](https://github.com/PowerShellMafia/PowerSCCM) - Functions to facilitate connections to and queries from SCCM databases and WMI interfaces for both offensive and defensive applications. +- [Empire](https://github.com/EmpireProject/Empire) - PowerShell and Python post-exploitation agent +- [Mimikatz](https://github.com/gentilkiwi/mimikatz) - Utility to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory but also perform pass-the-hash, pass-the-ticket or build Golden tickets +- [UACME](https://github.com/hfiref0x/UACME) - Defeating Windows User Account Control +- [Windows System Internals](https://technet.microsoft.com/en-us/sysinternals/bb545021.aspx) - (Including Sysmon etc.) +- [Hardentools](https://github.com/securitywithoutborders/hardentools) - Collection of simple utilities designed to disable a number of "features" exposed by Windows +- [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) - A swiss army knife for pentesting Windows/Active Directory environments +## Additional Resources +- [PaulSec Windows Resource Repository](https://github.com/PaulSec/awesome-windows-domain-hardening) +- [Tools Cheatsheets](https://github.com/HarmJ0y/CheatSheets) - (Beacon, PowerView, PowerUp, Empire, ...) +- [SANS PowerShell Cheat Sheet](https://pen-testing.sans.org/blog/2016/05/25/sans-powershell-cheat-sheet/) +- [The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets.](https://docs.microsoft.com/en-us/powershell/module/addsadministration/?view=win10-ps)