Hacking Tools

ADSpider : Advanced Real-Time Monitoring Of Active Directory Changes

Tool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.

Parameters

DC – domain controller FQDN.
Formatlist – output in list instead of table.
ExcludelastLogonTimestamp – exclude lastLogonTimestamp events from output
DumpAllObjects – dump all active directory before start. In case of changes It will show you all previous values. But in large domains use it on your own risk (time and resource consuming).
Short – in output will be only AttributeName, AttributeValue, LastOriginChangeTime and Explanation.
Output – create XML file with all output.
ExcludeObjectGUID – exclude Active Directory object with specific GUID.
Sleep – time interval between requests for USN number. By default – 30 seconds.
USN – specify started USN.
DisplayXML – display previous captured XML file.

How To Use

Prerequisites

PowerShell module for Active Directory

Domain Computer

Just run module in powershell session from domain user. For better performance use domain controller FQDN instead of IP address.

Import-module .\ADSpider.ps1
Invoke-ADSpider -DC DC01.domain.com

Non-Domain Computer

Start powershell session with domain user with runas. Check that domain controller accessible. For better performance use domain controller FQDN instead of IP address.

## From cmd or powershell
runas /netonly /u:domain.com\MyUser powershell
## From powershell
Import-module .\ADSpider.ps1
Invoke-ADSpider -DC DC01.domain.com
Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

15 hours ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

15 hours ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

15 hours ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

2 days ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

2 days ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

2 days ago