Cyber security

Domain Audit – Automated Active Directory Penetration Testing

The Tool is a wrapper around PowerView, Impacket, PowerUpSQL, BloodHound, Ldaprelayscan and Crackmapexec to automate the execution of enumeration and a lot of checks performed during a On-Prem Active Directory Penetration test. Thanks to all the authors of the original tools.

Installation AND Setup

  • Install python 3.10 (For example from the Windows store)
git clone https://github.com/0xJs/domain_audit
cd .\domain_audit\import\
git clone https://github.com/SecureAuthCorp/impacket
cd impacket; python3 -m pip install .
cd ../;
git clone https://github.com/zyn3rgy/LdapRelayScan;
cd LdapRelayScan;
python3 -m pip install -r .\requirements.txt
cd ../../;

Make sure the path viariables in the script to the following tools are correct (if you followed the installation steps it should be)

$script:PowerView_Path = "$PSScriptRoot\import\PowerView.ps1"
$script:Powerupsql_Path = "$PSScriptRoot\import\PowerUpSQL.ps1"
$script:Impacket_Path = "$PSScriptRoot\import\impacket"
$script:BloodHound_Path = "$PSScriptRoot\import\Sharphound.ps1"
$script:GpRegisteryPolicy_Path = "$PSScriptRoot\import\GPRegistryPolicy\GPRegistryPolicy.psd1"
$script:CME_Path = "$PSScriptRoot\import\cme"
$script:LdapRelayScan_Path = "$PSScriptRoot\import\LdapRelayScan\LdapRelayScan.py"
  • Issue with accessing Sysvol access denied?
    • To resolve this issue run gpedit.msc, go to Computer -> Administrative Templates -> Network -> Network Provider -> Hardened UNC Paths, enable the policy and click “Show” button.
    • Enter * into “Value name” and enter RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0 in value.
    • Enter \\*\NETLOGON into “Value name” and enter RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0 in value.
    • Enter \\*\SYSVOL into “Value name” and enter RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0 in value.
  • If it still gives problems add the following:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\SYSVOL" /d "RequireMutualAuthentication=0" /t REG_SZ /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v "\\*\NETLOGON" /d "RequireMutualAuthentication=0" /t REG_SZ /f

Running Domain_Audit

  • Start PowerShell as Administrator
    • This is required to change the DNS server to DC IP and add domain to hosts file. Otherwise some checks/executions will fail such as Impacket.

Run All Checks

PS C:\Users\user\Desktop> . C:\Tools\domain_audit\domain_audit.ps1
PS C:\Users\user\Desktop> Invoke-ADCheckAll -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3
  • Example output at the bottom of the page.

Run Seperate Checks

  • Some checks need the DNS And domain name in the host file. So best is to set that!

Set Dns And Host File

Invoke-ChangeDNS -Server 10.0.0.3 -Domain "amsterdam.bank.local"

Run A Check

Invoke-ADEnum -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3
Invoke-ADEnumTrust -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3
Invoke-ADCheckSQL -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3

Output

The tool will create a directory with the domain name and date on current directory or in the supplied location. In this directory there are three directories:

  • Data, has .csv files from domain objects, bloodhound data and some lists of objects.
  • Findings, has output from checks that could be something interesting or reported as a finding.
  • Checks, has output from checks that should be assessed manually to check ifs something to be reported.

Checks

Invoke-ADCheckAll will execute the following in order:

  • Collect basic data of AD objects and place them in /data/ directory in .csv format
  • Collect data with bloodhound – Collectionmethods all, acl and sessions in the background.
  • Create list of all (enabled) users, admin accounts, computers and groups in /data/
  • List amount of users, groups, computers, OU’s, GPO’s, Administrators, domain controllers and domain functional level.
  • Check if the amount of admins is more then 5% (High amount of admins in the domain)
  • Enumerate domain trusts and trusts within forst
  • Check if AzureAD or Azure SSO is installed
  • Execute a runas in a new window for the SQL checks
    • Check for SQL instances in the domain
    • Check if current user has access to SQL instances
      • Check if the current user is sysadmin
      • Gather database info on SQL instancees
      • Check as who the SQL instance is running
      • Check for database links as sysadmin
      • Run invoke-sqlaudit and save all data
        • Check for weak passwords
        • Check for Execute xp_dirtree and Execute xp_fileexist
  • Check if domain functional level is 2016
  • Check password policy configuration
    • Check for cleartextpasswords = 1
    • Check passwordlength
    • Check passwordcomplexity
    • Check account lockout
  • Check if kerberos policy configuration is changed from the defaults
  • Check if there is a GPO with LAPS in its name
    • Check to which OU’s the GPO is applied to
    • Check the LAPS policy
      • Check adminaccountname
      • Check passwordcomplexity
      • Check passwordlength
      • Check passwordagedays
      • Check pwdexpirationprotection enabled
      • Check admpwdenabled
  • Check if there are systems with LAPS installed
    • Check if there are systems where LAPS isn’t installed on
  • If LAPS GPO found or LAPS computers found – Check if the current user can read LAPS passwords
  • Get all users with a description – Manually check for passwords or interesting information
    • Check if the string pw, pass, ww or wachtwoord is in the description.
  • Get all groups with a description – Manually check for passwords or interesting information
  • Get all computers with a description – Manually check for passwords or interesting information
  • Check if there are admins with a Spn
  • Check if there are users with a Spn
    • Kerberoast users with a Spn
  • Check for users with constrained delegation
  • Check for users with unconstrained delegation
  • Check for computers with constrained delegation
  • Check for computers with unconstrained delegation except domain controllers
  • Check for computers with resource based constrained delegation set
  • Check PASSWD_NOT_REQ attribute on users
    • Checks if users has empty password
  • Check DONT_REQ_PREAUTH attribute on users
    • AS-REP Roast users
  • Check DONT_EXPIRE_PASSWORD attribute on users
  • Check if there are users with reversible encryption
  • Check if there are users that use DES encryption
  • Check if there are domain admins with an old password
  • Check if the KRBTGT has a old password
  • Check for EOL operating systems in the AD
  • Check for EOS Windows 10 versions
  • Check for inactive computerobjects with no login or pwdlastset older then 365 days
  • Check for inactive users that didn’t login the last 365 days
  • Check if all privileged users are part of the protected users groups
  • Check if all privileged users have the flag “This account is sensitive and cannot be delegated”
  • Check if there are members of the following privileged groups: Account Operators, Backup Operators, Print Operators, DNS Admins, Schema Admins
  • Check if there are computerobjects part of a high privileged groups
  • Check who can add computerobjects to the domain
    • Check if this is the default authenticated users group
    • Check what the ms-ds-machineaccountqouta is, if it is null(good) or not-set(bad) or another value.
  • Check ADIDNS
    • if it contains createchild for the authenticated users group
    • If wildcard record exists
  • Check membership of Pre-Windows 2000 Compatible Access group and if authenticated users is still member of it
  • Check if printspooler service is running on the DC
  • Check if LDAP signing is enabled, if LDAPS is configured and LDAPS binding is enabled
  • Check if default Exchange groups exists within the domain
    • Check if there is an Exchange server and if its active
    • Check for memberships in the default Exchange groups
  • Check for passwords in the sysvol
  • Check for passwords in netlogon (scripts, programs etc)
  • Retrieve IP adresses of all computer objects and create /24 ranges for further enumeration
    • Scan the ranges for well known Windows ports + ssh and web. Create lists for each port
    • Checks for SMB on accessible machines
      • Check SMBv1
      • Check signing requirement
      • Check for readable shares
      • Check for writable shares
      • Check if the webservice client is running on accessible machines
    • Check Access
      • Check if the current user is local admin through SMB
      • Check if the current user can access over WINRM
      • Check if the current user can access over RDP
      • Check if the current user can access over MSSQL and is sysadmin (WIP)

TO-DO AND Features

  • Create query for EOS Server versions?
  • Update queries/checks for domain admin/enterprise admins to all privileged groups.
  • Update queries to filter disabled users from data.
  • Check for old vulnerable Exchange permissions
  • Change privileged role function to loop and add more roles
  • Remove -Ping function for accessible machines and execute a portscan for specific ports using Invoke-Portscan
  • Check for access to discovered machines over SMB, RDP, MSSQL etc!
  • Find a way to audit all ACL’s (Invoke-ACLScanner doesnt work well from non domain joined perspective, -ResolvGUIDS breaks!)
  • Add ADCS checks, but need to set this up in a LAB environment first.
  • Add function to skip dns change
  • Add dependancy options to each function

Example output Invoke-ADCheckAll

PS C:\Users\user\Desktop> . C:\Tools\domain_audit\domain_audit.ps1
PS C:\Users\user\Desktop> Invoke-ADCheckAll -Domain "amsterdam.bank.local" -User "john" -Password "Welcome2022!" -Server 10.0.0.3

[+] Running as administrator, changing DNS to 10.0.0.3 and adding 10.0.0.3 amsterdam.bank.local to host file
[+] AD Authentication for amsterdam.bank.local\john succeeded!
[+] Output will be written in C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22

---------- DATA EXPLAINED ----------
- All data is written to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\
- In this folder are three subfolders
- files in \findings\ are findings that should be reported
- files in \checks\ needs to be checked
- files in \data\ is raw data

---------- COLORS EXPLAINED ----------
White is informational text
Green means check has passed
Yellow means manually check the data
Dark Red means finding

---------- GATHERING DATA ----------
[+] Gathering data of all Users, Groups, Computerobject, GPO's, OU's, DC's and saving it to csv
[+] Gathering BloodHound data all, session and ACL in seperate PowerShell session in background

---------- BASIC ENUMERATION ----------
[W] Saving a list of all users to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_users.txt
[W] Saving a list of all enabled users to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_users_enabled.txt
[W] Saving a list of all administrators to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_administrators.txt
[W] Saving a list of all groups to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_groups.txt
[W] Saving a list of all computerobjects to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\list_computers.txt

---------- DOMAIN INFORMATION ----------
The domain functional level is: Windows 2016
In the domain amsterdam.bank.local there are:
- 27 users and 25 enabled users
- 51 groups
- 4 computers
- 4 OU's
- 2 GPO's
- 3 Administrators
- 1 Domain Controllers

---Checking if amount of admins is more then 5% of all users---
[-] There are 3 administrators, which is 11.11% of all users
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\large_amount_of_administrators.txt

---------- ENUMERATING DOMAIN TRUSTS ----------
[+] The domain amsterdam.bank.local trusts 1 domains which are:
bank.local
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\trusts.txt

[+] The trust for domain bank.local is WITHIN_FOREST, enumerating trusts
[+] The domain bank.local trusts 2 domains which are:
amsterdam.bank.local
secure.local
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\trusts.txt

---Checking if AzureAD connect is in use---
[+] AzureAD connect is not installed

---Checking if Azure SSO is in use---
[+] Azure SSO is not configured

---------- EXECUTING CHECKS ----------
[+] Executing in another window because runas is required
[+] Pleace manually supply the Password Welcome2022!
--- Running SQL checks in new window ---
Enter the password for amsterdam.bank.local\john:
Attempting to start powershell.exe -Exec bypass -NoExit Import-Module C:\Tools\domain_audit\domain_audit.ps1; Set-Variable Findings_Path -Value C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings; Set-Variable Data_Path -Value C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data; Set-Variable Checks_Path -Value C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks; Set-Variable OutputDirectoryCreated -Value True; Invoke-ADCheckSQL -Domain amsterdam.bank.local -Server 10.0.0.3 -User john -Password Welcome2022! -SkipPrompt as user "amsterdam.bank.local\john" ...

---Checking password policy---
[+] Passwordpolicy contains ClearTextPassword=0. Domain controller does not save passwords in cleartext
[-] Password length requirement is 7 characters
[-] PasswordComplexity is 0 (Disabled)!
[-] LockOutBadCount is 0, accounts wont be locked!
[-] ResetLockoutCount is not set
[-] LockoutDuration is not set
Writing password policy to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\passwordpolicy.txt

---Checking if there is a GPO with LAPS---
[-] There is no GPO with LAPS in their name

---Checking if LAPS is enabled on any computerobject---
[-] There are no systems where LAPS is enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\laps_notenabled.txt

---Checking description field for passwords---
[-] There are 4 users that have a description, please manually check for passwords!
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\description_users.txt

---Checking groups description field for interesting information---
[-] There are 45 groups that have a description, please manually check for passwords or interesting information!
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\description_groups.txt

---Checking computerobjects description field for interesting information---
[+] There are no computerobjects with a description

---Checking kerberoastable administrators---
[-] There are 1 kerberoastable administrators
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\administrators_serviceprincipalname.txt

---Checking kerberoastable users---
[-] There are 2 kerberoastable users
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_serviceprincipalname.txt
[+] Requested 2 hashes, please crack with hashcat
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_kerberoast_hashes.txt

---Checking if there are users with the DONT_REQ_PREAUTH attribute---
[-] There are 2 users with the attribute DONT_REQ_PREAUTH
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_dontrequirepreath.txt
[+] Requested 2 hashes, please crack with hashcat
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_aspreproast_hashes.txt

---Checking constrained delegation users---
[-] There are 1 users that have constrained delegation enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_constrained_delegation.txt

---Checking unconstrained delegation computerobjects, excluding domain-controllers---
[-] There are 1 users that have unconstrained delegation enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_unconstrained_delegation.txt

---Checking constrained delegation computerobjects---
[+] There are no computerobjects with constrained delegation

---Checking unconstrained delegation computerobjects, excluding domain-controllers---
[-] There are 1 computerobjects that have unconstrained delegation enabled
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\computers_unconstrained_delegation.txt

---Checking resource based constrained delegation computerobjects---
[+] There are no computerobjects with resource based constrained delegation

---Checking if there are users with the PASSWD_NOTREQD attribute---
[-] There are 2 users with the attribute PASSWD_NOTREQD
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_passwdnotreqd.txt

---Checking for users with empty password---
[-] The password for user bank_dev is empty
[-] The password for user steve is empty

---Checking if there are users with the DONT_EXPIRE_PASSWORD attribute---
[-] There are 17 users with the attribute DONT_EXPIRE_PASSWORD
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\users_dontexpirepassword.txt

---Checking if there are users with the reversible encryption---
[+] There are no users with reversible encryption

---Checking if there are users with DES encryption---
[+] There are no users with DES encryption

---Checking if administrator accounts - that aren't disabled - have a password older then 365 days---
[+] There where no enabled administrators with a password older then 365 days

---Checking if KRBTGT account has a password older then 365 days---
[+] The password from the krbtgt is not older then 365 days

---Checking if there are EOL operating systems in the AD---
[+] There are no computerobjects in the AD that are EOL

---Checking if there are end of service Windows 10 operating systems in the AD---
[+] There are no Windows 10 computerobjects computerobjects in the AD that are End Of Service

---Checking if there are computerobjects that have no login or login/pwdlastset older then 365 days---
[+] There are no computerobjects in the AD that are inactive

---Checking if there are users that didn't login for 365 days---
[+] There are no users in the AD that are inactive (didn't login or changed their password in the last 365 days)

---Checking if members of privileged groups are part of the protected users group---
[-] There are 3 privileged users not part of the protected users group
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\administrators_notin_protectedusersgroup.txt

---Checking if members of privileged groups have the flag 'this account is sensitive and cannot be delegated'---
[-] There are 3 privileged users without the flag 'this account is sensitive and cannot be delegated' that aren't in the Protected Users group
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\administrators_delegation_flag.txt

---Checking if there are members in high privileged groups---
[+] There are no users in the Account Operators group
[+] There are no users in the Backup Operators group
[+] There are no users in the Print Operators group
[+] There are no users in the DNS Admins group
[+] There are no users in the Schema Admins group

---Checking if there are computerobjects part ofhigh privileged groups---
[+] There are no computerobjects part of a high privileged groups

---Checking who can add computerobjects to the domain---
[-] The authenticated users group(S-1-5-11) can add 10 computerobjects to the domain
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\authenticated_users_can_join_domain.txt
[W] Writing amount of computerobjects that can be joined to the domain by the object to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\can_join_domain_amount.txt

---Checking if there are passwords in the SYSVOL share---
This might take a while
[+] Checking SYSVOL of DC02
[-] There might be 1 passwords in the SYSVOL of DC02. Please manually check
Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\sysvol_passwords.txt

---Checking if there are passwords in the NETLOGON share---
This might take a while
[+] Checking NETLOGON of DC02
[-] There might be 1 passwords(string pass) in the NETLOGON of DC02. Please manually check
Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\checks\netlogon_passwords.txt

---Checking printspooler service on each DC---
[-] Printspooler enabled on DC02
Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\printspooler_domaincontrollers.txt

---Running LdapRelayScan---
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\domaincontrollers_ldaprelayscan.txt

---Checking for LDAP signing---
[+] One or more domain controller(s) does not require LDAP signing
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\domaincontrollers_no_ldap_signing.txt

---Checking for LDAPS binding---
[+] One or more domain controller(s) does not require LDAPS binding
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\domaincontrollers_no_ldaps_binding.txt

---Checking if exchange is used within the domain---
[+] No Exchange groups exist

---Checking which machines are reachable from current machine through ping---
[+] There are 3 computers which are reachable
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\computers_accessible.txt

---Running crackmapexec against each reachable host enumerating SMB data and shares---
[+] Crackmapexec will hang and needs a enter to continue
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\crackmapexec_reachablecomputers.txt

---Checking for hosts which have SMBV1 enabled---
[+] There are no reachable computers which have SMBV1 enabled (SMBv1:True)

---Checking for hosts without signing---
[+] There are 2 reachable computers which does not require signing (Signing:False)
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\computers_nosigning.txt

---Checking for shares with READ access---
[+] There are 4 shares the current user can READ
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\shares_read_access.txt

---Checking for shares with WRITE access---
[+] There are 1 shares the current user can WRITE to
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\shares_write_access.txt

---Running crackmapexec against each reachable host enumerating webclient service---
[+] Crackmapexec will hang and needs a enter to continue
[W] Writing all data to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\data\crackmapexec_webdav.txt

[+] There are 1 systems with the webclient service running
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\computers_webdav.txt

---------- EXECUTING SQL CHECKS ----------
---Checking MSSQL instances---
[+] Found 1 MSSQL instances
[+] Checking connection to each MSSQL instance
[-] The current user can access 1 MSSQL instances
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\SQLserver_user_has_access.txt

---Checking if the user is sysadmin on the accessible instances---
[+] The current user is not sysdmin to any SQL instances

---Checking database links for sysadmin security context---
[-] There are 1 links which run under the security context of a sysadmin user
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\SQLserver_sysadmin_on_links.txt

---Running Invoke-SQLAudit on the accessible instances---
This might take a while
VERBOSE: WEB01.amsterdam.bank.local : No named instance found.
VERBOSE: WEB01.amsterdam.bank.local : Connection Success.
VERBOSE: WEB01.amsterdam.bank.local : Checking for autoexec stored procedures...
[-] Invoke-SQLAudit found 7 issues
[W] Writing to C:\Users\user\Desktop\amsterdam.bank.local-2022-08-22\findings\SQLserver_sqlaudit.txt
Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: Active DirectoryAutomationcybersecurityPenetration TestingVulnerability Analysis
1 year ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

2 weeks ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

3 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

4 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

4 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

4 weeks ago