LDAP Firewall is an open-source tool for Windows servers that lets you audit and restrict incoming LDAP requests.
Its primary use cases are to protect Domain Controllers, block LDAP-based attacks, and tightly control access to the Active Directory schema (e.g., enforcing read-only access for users).
The tool is written in C++ and makes use of the Microsoft Detours and JsonCpp packages.
The LDAP Firewall inspects incoming LDAP operations (which are used to read or modify entries in the AD schema) and allows or blocks the request based on the configured rules.
The operation also gets written into the Windows Event Log with the LDAPFW action and other relevant fields (Distinguished Name, attributes, OID etc.).
This section describes some common LDAP-based attacks that can be mitigated with the LDAP Firewall.
Sample config.json files can be found in the example_configs folder of this repository.
LDAPFW can be configured to block all Add operations in order to completely prevent Name Impersonation (CVE-2021-42278) and thus defend against sAMAccountName spoofing.
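The allow/block decision described above can be modelled as follows. This is an added example, not LDAPFW's own code: the rule fields, first-match ordering, default-allow fallback and sample DNs are assumptions and do not reflect the tool's config.json schema.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>
// Hypothetical rule model for illustration; this is NOT LDAPFW's config.json schema.
enum class Action { Allow, Block };
struct Rule { std::vector<std::string> ops; std::string dn_suffix; Action action; };
struct Request { std::string op; std::string dn; };

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}
// Case-insensitive subtree test that only matches on an RDN boundary, so
// "XOU=..." does not pass for "OU=...". A real filter would compare parsed DNs.
static bool under(const std::string& dn, const std::string& suffix) {
    const std::string d = lower(dn), s = lower(suffix);
    if (d.size() < s.size() || d.compare(d.size() - s.size(), s.size(), s) != 0) return false;
    return s.empty() || d.size() == s.size() || d[d.size() - s.size() - 1] == ',';
}
// Assumed semantics: the first matching rule decides; unmatched requests are allowed.
Action evaluate(const std::vector<Rule>& rules, const Request& req) {
    for (const Rule& r : rules) {
        bool op_ok = r.ops.empty() ||  // empty list = any operation
            std::any_of(r.ops.begin(), r.ops.end(),
                        [&](const std::string& o) { return lower(o) == lower(req.op); });
        if (op_ok && under(req.dn, r.dn_suffix)) return r.action;
    }
    return Action::Allow;
}

// Constructed policy 1: block every Add (the CVE-2021-42278 mitigation above).
const std::vector<Rule> kBlockAdds = {{{"add"}, "", Action::Block}};
// Constructed policy 2: read-only directory except for one provisioning OU.
const std::vector<Rule> kReadOnly = {
    {{"add", "modify", "delete"}, "OU=Provisioning,DC=corp,DC=example", Action::Allow},
    {{"add", "modify", "delete"}, "", Action::Block},
};

int main() {
    const Request reqs[] = {  // constructed sample requests
        {"add", "CN=ws01,CN=Computers,DC=corp,DC=example"},
        {"modify", "CN=svc1,OU=Provisioning,DC=corp,DC=example"},
        {"search", "DC=corp,DC=example"}};
    for (const Request& q : reqs)
        std::cout << q.op << " " << q.dn << " -> "
                  << (evaluate(kReadOnly, q) == Action::Block ? "BLOCK" : "ALLOW") << "\n";
}
```

Under first-match ordering, an allow rule scoped to a subtree has to sit above the broader block rule, otherwise the block rule decides first and the exception never applies.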