Attacking Active Directory
Current Tradecraft
General
- https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
- https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
- https://www.pentestpartners.com/security-blog/how-to-kerberoast-like-a-boss/
- https://0xeb-bp.github.io/blog/2019/11/21/practical-guide-pass-the-ticket.html
- Mind-blowing, thesis-like post on Kerberos delegation attack primitives, one of those you need to make your “research” goal of the month to actually understand what it is saying. It touches so many Kerberos concepts that a lot of parallel reading is required: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
Kerberoasting
- Oh, My Kerberos! Do Not Get Kerberoasted! Good preliminary explanation of how SPNs work.
- Kerberos attack techniques: Kerberoast
Cheatsheets
- Kerberos cheatsheet by Tarlogic: a cheatsheet with commands that can be used to perform Kerberos attacks.
Create New Machine Account
Powermad is a PowerShell script that leverages .NET calls to create new machine accounts.
Repo: https://github.com/Kevin-Robertson/Powermad
Blog post: https://blog.netspi.com/exploiting-adidns/
Tools and Scripts
DSInternals
https://github.com/MichaelGrafnetter/DSInternals
Weaponized Docos
- Evading EDR and decoupling Macro execution: https://blog.f-secure.com/dechaining-macros-and-evading-edr/
Reverse Shells
- Reverse Shell Generator Online –> https://weibell.github.io/reverse-shell-generator/
Mail & SMTP
- Test smtp relay: https://blog.mailtrap.io/test-smtp-relay/
Bruteforcing
There are a bazillion ways of bruteforcing stuff on the web; let’s capture some here.
THC Hydra
Hydra is a parallelized password cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add: https://github.com/vanhauser-thc/thc-hydra
Autobrute: make it easier to launch THC Hydra against Forms
Autobrute is a script that automates the time-consuming process of building an http-post-form request for Hydra.
https://github.com/Random936/autobrute/blob/main/autobrute.py
Process Injection
Shellcode
- Great PoC calc shellcode to use in different scenarios:
- Subvert-PE: a tool to inject shellcode with PowerShell. See the blog post.
AMSI Bypass
- Check https://amsi.fail/ to obfuscate PowerShell code
PayloadAllTheThings
This is an excellent repository of offensive tradecraft knowledge.
- For Active Directory –> https://gitlab.com/pentest-tools/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md
Golang
Malware Tricks
ColdFire: Developing malware with Golang
A library that makes it easier than ever. It provides various methods useful for malware development in Golang. Most functions are compatible with both Linux and Windows operating systems.
Link: https://github.com/redcode-labs/Coldfire
Kali Linux
Current Tradecraft
Youtube Videos
- Kali on WSL: https://www.youtube.com/watch?v=f8m6tKErjAI