9 matches found
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
As 2023 winds down, we’re taking another look back at all the changes and improvements to the Metasploit Framework. This year marked the 20th anniversary since Metasploit version 1.0 was committed and the project is still actively maintained and improved thanks to a thriving community. Version 6....
KRBUACBypass - UAC Bypass By Abusing Kerberos Tickets
This POC is inspired by the talk “Taking Kerberos To The Next Level” that James Forshaw (@tiraniddo) shared at BlackHat USA 2022, in which he shared a demo of abusing Kerberos tickets to achieve UAC bypass. By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can...
IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. "Throughout the attack, the attacker followed a...
Exploit for Improper Certificate Validation in Microsoft
CVE-2022-26923-Powershell-POC: A PowerShell PoC to load and aut...
Detection evasion in CLR and tips on how to detect such attacks
In terms of costs, the age-old battle that pits attacker versus defender has become very one-sided in recent years. Almost all modern attacks and ethical offensive exercises use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called...
Rubeus - C# Toolset For Raw Kerberos Interaction And Abuses
Rubeus is a C# toolset for raw Kerberos interaction and abuses. It is heavily adapted from Benjamin Delpy's Kekeo project (CC BY-NC-SA 4.0 license) and Vincent LE TOUX's MakeMeEnterpriseAdmin project (GPL v3.0 license). Full credit goes to Benjamin and Vincent for working out the hard components of...
PowerSharpPack - Many useful offensive CSharp Projects wrapped into Powershell for easy usage
Many useful offensive CSharp projects wrapped into PowerShell for easy usage. Why? In my personal opinion offensive PowerShell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new...
SharpMapExec - A Sharpen Version Of CrackMapExec
A sharpen version of CrackMapExec. This tool is made to simplify penetration testing of networks and to create a Swiss army knife that is made for running on Windows, which is often a requirement during insider threat simulation engagements. Besides scanning for access it can be used to identify...
Rbcd-Attack - Kerberos Resource-Based Constrained Delegation Attack From Outside Using Impacket
Abusing Kerberos Resource-Based Constrained Delegation. TL;DR: This repo is about a practical attack against Kerberos Resource-Based Constrained Delegation in a Windows Active Directory Domain. The difference from other common implementations is that we are launching the attack from outside of the...