[*] Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Based on the C# variant Certify from @harmj0y and @tifkin_. Installation $ python3 setup.py install Remember to add the Python scripts directory to your path. Usage $ certipy -husage: certipy [-h] [-debug] [-target-ip ip address] [-nameserver nameserver]Read More
The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing. Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors. Instructions Preparation Optional but recommended: Move Module into PSModulePath # Display PSModulePath$env:PSModulePath.split(“;”)# Move module to pathMove-Item .ADLab “C:Windowssystem32WindowsPowerShellv1.0Modules”Read More
[*] Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). @harmj0y and @tifkin_ are the primary authors of Certify and the the associated AD CS research (blog and whitepaper). Usage C:Tools>Certify.exe _____ _ _ __ / ____| | | (_)/ _| | | ___ _ __| |_Read More
SharpSpray is a Windows domain password spraying tool written in .NET C#. Introduction SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and outside a domain context. Exclude domain disabled accounts from the spraying.Read More
Tags: API Documentation, Access, Active Directory, Analysis, Binary, LDAP, Linux, Max, Memory, Parameter, Reverse, Takeover, Windows, pwned, Adalanche adalanche – Active Directory ACL Visualizer – who’s really Domain Admin? Adalanche – Active Directory Acl Visualizer – Who’S Really Domain Admin? Adalanche – Active Directory ACL Visualizer – Who’S Really Domain Admin? I Can Haz DomainRead More
PowerShell toolkit for auditing Active Directory Certificate Services (AD CS). It is built on top of PKISolution‘s PSPKI toolkit (Microsoft Public License). This repo contains a newer version of PSPKI than what’s available in the PSGallery (see the PSPKI directory). Vadims Podans (the creator of PSPKI) graciously provided this version as it contains patches forRead More
Please read the initial JARM blog post for more information. JARM is an active Transport Layer Security (TLS) server fingerprinting tool. JARM fingerprints can be used to: Quickly verify that all servers in a group have the same TLS configuration. Group disparate servers on the internet by configuration, identifying that a server may belong toRead More
A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts (Petitpotam) and relaying to the certificate service. Usage Run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port – The port ADCSPwn will listen on. remote – Remote machine to trigger authentication from. username –Read More
MacHound is an extension to the Bloodhound audting tool allowing collecting and ingesting of Active Directory relationships on MacOS hosts. MacHound collects information about logged-in users, and administrative group members on Mac machines and ingest the information into the Bloodhound database. In addition to using the HasSession and AdminTo edges, MacHound adds three new edgesRead More
This tool gives blue teams, SOC’s, researchers and companies the ability to detect the active mutations of their domains, thus preventing the use of these domains in fraudulent activities, such as phishing and smishing. For this, Typodetect allows the use of the latest available version of the TLDs (Top Level Domains) published on the IANARead More
