Ну это прям реально полный гайд по Bloodhound CE. Для тех, кто ещё старым пользуется.
https://m4lwhere.medium.com/the-ultimate-guide-for-bloodhound-community-edition-bhce-80b574595acf
#pentest #enum #bloodhound
https://m4lwhere.medium.com/the-ultimate-guide-for-bloodhound-community-edition-bhce-80b574595acf
#pentest #enum #bloodhound
Medium
The Ultimate Guide for BloodHound Community Edition (BHCE)
I’ve run into many interested hackers who want to learn how to use BloodHound, but struggle to get started. Here’s how to be effective!
Ой, красота))) Получить данные из LSA без дампа LSASS.
Tool: https://github.com/EvanMcBroom/lsa-whisperer
Blog: https://posts.specterops.io/lsa-whisperer-20874277ea3b
#redteam #pentest #creds #dump
Tool: https://github.com/EvanMcBroom/lsa-whisperer
Blog: https://posts.specterops.io/lsa-whisperer-20874277ea3b
#redteam #pentest #creds #dump
GitHub
GitHub - EvanMcBroom/lsa-whisperer: Tools for interacting with authentication packages using their individual message protocols
Tools for interacting with authentication packages using their individual message protocols - EvanMcBroom/lsa-whisperer
SilverPotato...
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
#potato #pentest #redteam
https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
#potato #pentest #redteam
Decoder's Blog
Hello: I’m your Domain Admin and I want to authenticate against you
TL;DR (really?): Members of Distributed COM Users or Performance Log Users Groups can trigger from remote and relay the authentication of users connected on the target server, including Domain Cont…
intro.gif
860 KB
Почему-то только сегодня обратил внимание на эту удобную штуку (ох, два года уже репозиторию)😅
https://github.com/aniqfakhrul/powerview.py
#ad #pentest #enum
https://github.com/aniqfakhrul/powerview.py
#ad #pentest #enum
CVE-2024-24919: Check Point arbitrary file read (as root)
Blog: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
#cve #pentest #redteam
Blog: https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
#cve #pentest #redteam
watchTowr Labs - Blog
Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This time, it is Check Point who is the focus of our penetrative gaze.
Check Point, for those unaware, is the…
Check Point, for those unaware, is the…
Для опроса Defender'а Windows, например об исключениях (и ещё много о чем) на локальной или удалённой системе. Ещё и не нужно высоких привилегий.
https://github.com/0xsp-SRD/MDE_Enum
#git #soft #pentest #redteam
https://github.com/0xsp-SRD/MDE_Enum
#git #soft #pentest #redteam
GitHub
GitHub - 0xsp-SRD/MDE_Enum: comprehensive .NET tool designed to extract and display detailed information about Windows Defender…
comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges - 0xsp-SRD/MDE_Enum
CVE-2024-26229: Windows LPE
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. Чуть поправил оригинальный эксплоит
#git #exploit #lpe #pentest #redteam
PATCHED: Apr 9, 2024
https://github.com/RalfHacker/CVE-2024-26229-exploit
P.S. Чуть поправил оригинальный эксплоит
#git #exploit #lpe #pentest #redteam
Please open Telegram to view this post
VIEW IN TELEGRAM