PenTest

Active Directory Enumeration with PowerView

by
This entry is part 5 of 5 in the series Attack and Defend Active Directory

Views: 2Complete Active Directory Enumeration Using PowerView PowerView is a powerful PowerShell tool designed to perform detailed enumeration of Active Directory (AD) environments. It is widely used by penetration testers, red teamers, and security professionals to gather domain-related information, find privilege escalation paths, and map AD trust relationships. Below is a complete list of PowerView … Read more

Vulnerability Management: FARADAY

by
This entry is part 2 of 4 in the series Governance Risk Compliance

Views: 29Faraday: Open Source Vulnerability Manager Faraday is a powerful open-source vulnerability management platform designed to help cybersecurity teams streamline their pentesting, vulnerability assessment, and remediation processes. Built with a collaborative and automation-driven approach, Faraday enables security professionals to efficiently collect, analyze, and manage security findings from various tools in a centralized environment. With support … Read more

Active Directory Domain Service (AD DS)

by
This entry is part 4 of 5 in the series Attack and Defend Active Directory

Views: 11 Overview Users Machines Security Groups Security Group Description Domain Admins Full control over the domain. Server Operators Can manage Domain Controllers but not admin groups. Backup Operators Can access any file for backup purposes. Account Operators Can create/modify user accounts. Domain Users Includes all user accounts. Domain Computers Includes all machines in the … Read more

Metasploit Cheat Sheet

by
This entry is part 3 of 17 in the series Red Team Engagements

Views: 47MSFconsole Commands Command Description show exploits Show all exploits within the Framework. show payloads Show all payloads within the Framework. grep meterpreter show payloadsgrep meterpreter grep reverse_tcp show payloads MSF – Searching for Specific Payload show auxiliary Show all auxiliary modules within the Framework. search <name> Search for exploits or modules within the Framework. … Read more

Shodan 101

by
This entry is part 2 of 4 in the series Instrusion Detection and Prevention

Views: 21Shodan is a search engine for Internet-connected devices.It lets users search for various types of servers (webcams, routers, servers, etc.) connected to the internet using a variety of filters.Some have also described it as a search engine of service banners, which is metadata that the server sends back to the client.This can be information … Read more

GOAD v2 Installation

by
This entry is part 3 of 5 in the series Attack and Defend Active Directory

Views: 186Game Of Active Directory The following steps explain the procedure to setup the GOADv2 LAB environment to pentest Active Directory. Warning This lab is extremely vulnerable, do not reuse recipe to build your environment and do not deploy this environment on internet without isolation (this is a recommendation, use it as your own risk). This … Read more

AD Fundamentals

by
This entry is part 2 of 5 in the series Attack and Defend Active Directory

Views: 27Ransomware operators have been increasingly targeting Active Directory as a key part of their attack paths. The Conti Ransomware which has been used in more than 400 attacks around the world has been shown to leverage recent critical Active Directory flaws such as PrintNightmare (CVE-2021-34527) and Zerologon (CVE-2020-1472) to escalate privileges and move laterally in a target network.

Breaching AD

by
This entry is part 1 of 5 in the series Attack and Defend Active Directory

Views: 50Active Directory (AD) is used by approximately 90% of the Global Fortune 1000 companies. If an organisation’s estate uses Microsoft Windows, you are almost guaranteed to find AD. Microsoft AD is the dominant suite used to manage Windows domain networks. However, since AD is used for Identity and Access Management of the entire estate, … Read more