Recently Updated Pages
Remote Bloodhound
GitHub Repo Prerequisites impacket ldap3 dnspython Installation python3 -m pip insta...
Enum4Linux
Details Enum4linux is a tool for enumerating information from Windows and Samba systems. It at...
LdapSearch
When to Use You'll know when you've found a domain controller, because it will have several por...
PrintNightmare (Internal/External)
Remote Code Execution https://github.com/cube0x0/CVE-2021-1675 Contains full details on scannin...
Manual Enumeration
net.exe Drawbacks net does not show nested groups net only shows up to 10 groups even if a u...
BloodHound
1. Installation sudo apt install -y neo4j bloodhound 2. Setup sudo neo4j console & Navi...
PowerView
Overview A set of PowerShell functions that can be used to enumerate Active Directory. Part of th...
Passback Attacks (Internal/External)
What's the Flaw? Usually involves an unsecure device -- like a printer or multifunction device -...
IPv6 DNS Spoofing (Internal)
Note: Network Environment This spoofing attack works by sending a router announcement to mul...
SMB Relay (Internal/External)
Note: Network Environment This attack works best in a flat network. However, as long as the atta...
LLMNR Poisoning (Internal)
Note: Network Environment Given that LLMNR is a name resolution protocol that works on the Local...
Computer Networking: MAC Addressing and ARP
Media Access Control Address Identifies the physical network interface of a host Hexadecima...
Computer Networking: Encapsulation and Decapsulation
TCP/IP Model vs. OSI Model TCP/IP Model The sender sends from Layer 4 down to Layer 1. The recipi...
NoMachine Customizations
Proxmox VM vs Linux Container This page was written when I was using Kali Linux in a Proxmox VM....
Installing Wine and Wine Dependencies
Considerations I urge you to consider taking a snapshot of your Kali instance at its current sta...
Dumping Passwords from Windows Credential Manager
Credential Enumeration cmdkey /list In reverse shells, I have noticed that it's impossible to s...
Spawn Processes as Other Users
RunasCs.exe Project GitHub https://github.com/antonioCoco/RunasCs/releases Example Usage Spaw...
Pass the Key
Kerberos Encryption Keys Policies on the domain controller will dictate which encryption algorit...
Pass the Ticket
Anatomy of a Kerberos Ticket [0;97d82]-2-0-40e10000-t2_felicia.dean@krbtgt-ZA.TRYHACKME.COM.kirb...
DCSync
DCSync Overview DC Sync is a legitimate function of Active Directory environments where a domain...