general-offensive-tradecraft

Attacking Active Directory

Current Tradecraft

General

  • https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
  • https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
  • https://www.pentestpartners.com/security-blog/how-to-kerberoast-like-a-boss/
  • https://0xeb-bp.github.io/blog/2019/11/21/practical-guide-pass-the-ticket.html
  • Mind-blowing, thesis-like post on Kerberos delegation attack primitives; one of those you need to make your research goal of the month to actually understand. It touches so many Kerberos concepts that a lot of parallel reading is required: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html

Kerberoasting

Cheatsheets

Create New Machine Account

Powermad is a PowerShell script that uses .NET calls to create new machine accounts.

Repo: https://github.com/Kevin-Robertson/Powermad

Blog post: https://blog.netspi.com/exploiting-adidns/

Tools and Scripts

DSInternals

https://github.com/MichaelGrafnetter/DSInternals

Weaponized Docos

  • Evading EDR and decoupling Macro execution: https://blog.f-secure.com/dechaining-macros-and-evading-edr/

Reverse Shells

  • Reverse Shell Generator Online: https://weibell.github.io/reverse-shell-generator/

Mail & SMTP

  • Test SMTP relay: https://blog.mailtrap.io/test-smtp-relay/

Bruteforcing

There are a bazillion ways of brute-forcing things on the web; let's capture some here.

THC Hydra

Hydra is a parallelized password cracker that supports numerous protocols. It is very fast and flexible, and new modules are easy to add: https://github.com/vanhauser-thc/thc-hydra

Autobrute: making it easier to launch THC Hydra against web forms

Autobrute is a script that automates the time-consuming process of composing Hydra's http-post-form argument.

https://github.com/Random936/autobrute/blob/main/autobrute.py

Process Injection

Shellcode

AMSI Bypass

  • Check https://amsi.fail/ to obfuscate PowerShell code

PayloadAllTheThings

  • For Active Directory: https://gitlab.com/pentest-tools/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md

Golang

Malware Tricks

ColdFire: Developing malware with Golang

A library that makes it easier than ever. It provides various methods useful for malware development in Golang; most functions are compatible with both Linux and Windows operating systems.

Link: https://github.com/redcode-labs/Coldfire

Kali Linux

Current Tradecraft

YouTube Videos

  • Kali on WSL: https://www.youtube.com/watch?v=f8m6tKErjAI