Recently Updated Pages

Remote Bloodhound

Active Directory Post Exploitation: Enumeration

GitHub Repo Prerequisites impacket ldap3 dnspython  Installation python3 -m pip insta...

Updated 2 weeks ago by 0xBEN

Enum4Linux

Active Directory Post Exploitation: Enumeration

Details Enum4linux is a tool for enumerating information from Windows and Samba systems. It at...

Updated 2 weeks ago by 0xBEN

LdapSearch

Active Directory Post Exploitation: Enumeration

When to Use  You'll know when you've found a domain controller, because it will have several por...

Updated 2 weeks ago by 0xBEN

PrintNightmare (Internal/External)

Active Directory Initial Attack Vectors

Remote Code Execution https://github.com/cube0x0/CVE-2021-1675 Contains full details on scannin...

Updated 2 weeks ago by 0xBEN

Manual Enumeration

Active Directory Post Exploitation: Enumeration

net.exe Drawbacks net does not show nested groups net only shows up to 10 groups even if a u...

Updated 2 weeks ago by 0xBEN

BloodHound

Active Directory Post Exploitation: Enumeration

1. Installation sudo apt install -y neo4j bloodhound 2. Setup sudo neo4j console & Navi...

Updated 2 weeks ago by 0xBEN

PowerView

Active Directory Post Exploitation: Enumeration

Overview A set of PowerShell functions that can be used to enumerate ActiveDirectory. Part of th...

Updated 2 weeks ago by 0xBEN

Passback Attacks (Internal/External)

Active Directory Initial Attack Vectors

What's the Flaw? Usually involves an unsecure device -- like a printer or multifunction device -...

Updated 2 weeks ago by 0xBEN

IPv6 DNS Spoofing (Internal)

Active Directory Initial Attack Vectors

Note: Network Environment This spoofing attack works by sending a router announcement to mul...

Updated 2 weeks ago by 0xBEN

SMB Relay (Internal/External)

Active Directory Initial Attack Vectors

Note: Network Environment This attack works best in a flat network. However, as long as the atta...

Updated 2 weeks ago by 0xBEN

LLMNR Poisoning (Internal)

Active Directory Initial Attack Vectors

Note: Network Environment Given that LLMNR is a name resolution protocol that works on the Local...

Updated 2 weeks ago by 0xBEN

Computer Networking: MAC Addressing and ARP

PJPT Study Group Lessons Session 2: Nov. 13, 2023

Media Access Control Address Identifies the physical network interface of a host Hexadecima...

Updated 3 weeks ago by 0xBEN

Computer Networking: Encapsulation and Decapsulation

PJPT Study Group Lessons Session 2: Nov. 13, 2023

TCP/IP Model vs. OSI Model TCP/IP Model The sender sends from Layer 4 down to Layer 1 The recipi...

Updated 4 weeks ago by 0xBEN

NoMachine Customizations

Kali Optimizations

Proxmox VM vs Linux Container This page was written when I was using Kali Linux in a Proxmox VM....

Updated 1 month ago by 0xBEN

Installing Wine and Wine Dependencies

Kali Optimizations

Considerations I urge you to consider taking a snapshot of your Kali instance at its current sta...

Updated 1 month ago by 0xBEN

Dumping Passwords from Windows Credential Manager

Active Directory Post Exploitation: Attacks

Credential Enumeration cmdkey /list In reverse shells, I have noticed that it's impossible to s...

Updated 1 month ago by 0xBEN

Spawn Processes as Other Users

Active Directory Post Exploitation: Attacks

RunasCs.exe Project GitHub https://github.com/antonioCoco/RunasCs/releases Example Usage Spaw...

Updated 1 month ago by 0xBEN

Pass the Key

Active Directory Post Exploitation: Attacks

Kerberos Encryption Keys Policies on the domain controller will dictate which encryption algorit...

Updated 1 month ago by 0xBEN

Pass the Ticket

Active Directory Post Exploitation: Attacks

Anatomy of a Kerberos Ticket [0;97d82]-2-0-40e10000-t2_felicia.dean@krbtgt-ZA.TRYHACKME.COM.kirb...

Updated 1 month ago by 0xBEN

DCSync

Active Directory Post Exploitation: Attacks

DCSync Overview DC Sync is a legitimate function of Active Directory environments where a domain...

Updated 1 month ago by 0xBEN