Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

Ninja

This is an open-source C2 server created for stealth red team operations, specifically designed to bypass AMSI Advanced Threat and Malware Protection and other security measures. The server is written in PowerShell and utilizes various modules to achieve its goals. The server includes several...

Metasploit Wrap-Up

Making Metasploit faster This week's wrap-up includes many new modules, but notably, we've upgraded Metasploit loading. Thanks to bcoles, the bootup performance when searching for a module has been increased in 20166. Also, we've reduced Metasploit startup time - in 20155. New module content 6...

Gather Ticket Granting Service (TGS) tickets for User Service Principal Names (SPN)

This module will try to find Service Principal Names that are associated with normal user accounts. Since normal accounts' passwords tend to be shorter than machine accounts, and knowing that a TGS request will encrypt the ticket with the account the SPN is running under, this could be used for a...

LDAP-Password-Hunter - Password Hunter In The LDAP Infamous Database

It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter is a tool which wraps features of getTGT.py Impacket and ldapsearch in order to look up for password...

Conti Ransomware Gang Has Full Log4Shell Attack Chain

The Conti ransomware gang, which last week became the first professional crimeware outfit to adopt and weaponize the Log4Shell vulnerability, has now built up a holistic attack chain. The sophisticated Russia-based Conti group – which Palo Alto Networks has called “one of the most ruthless” of...

Kerberoast - Kerberoast Attack -Pure Python-

Kerberos attack toolkit -pure python- Install pip3 install kerberoast Prereqirements Python 3.6 See requirements.txt For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following : +://:@/?= : +://:@/?= Steps -with SSPI-: kerberoast auto Steps -SSPI not...

targetedKerberoast - Kerberoast With ACL Abuse Capabilities

targetedKerberoast is a Python script that can, like many others e.g. GetUserSPNs.py, print "kerberoast" hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one abuse of a write permission on the...

2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities

Penetration testing “pentesting” is the practice of simulating a criminal breach of a sensitive area in order to uncover and fix defensive failures. Rapid7’s recently released report, Under the Hoodie, draws from the experiences of our Rapid7 pen testing services teamers to highlight key...

Kerberoast

The process of cracking Kerberos service tickets and rewriting them in order to gain access to the targeted service is called Kerberoast. This is very common attack in red team engagements since it doesn't require any interaction with the service as legitimate active directory access can be used ...