itsmenaga (💥,💥) retweeted
You got access to vsphere and want to compromise the Windows hosts running on that ESX? 💡
1) Create a clone into a new template of the target VM
2) Download the VMDK file of the template from the storage
3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY
(1/3)
itsmenaga (💥,💥) retweeted
22 Aug 2025
Let’s make Active Directory security education available to all! List your favorite Active Directory security resources. Plz share for reach!
itsmenaga (💥,💥) retweeted
🔥 Super excited to soon present my lifetime project publicly🤩
- 4yrs of R&D 1y in commercial sale
- Weaponization of 95 file types
- 140kLOC
- 20 tools
- 10 shellcode exec techniques (ts)
- 8 MSI ts
- 20 LNK ts
- 30 script/macro ts
⚡ Battle tested, low-profile arsenal
itsmenaga (💥,💥) retweeted
17 Sep 2024
💥 ANNOUNCEMENT: Opik v1.0 is released! 💥
Opik is an open source LLM evaluation framework for:
🔥 Implementing LLM-based metrics
🪲 Logging/debugging LLM traces
💯 Scoring, annotating, and versioning LLM data
And so much more. Check out the repo below.
itsmenaga (💥,💥) retweeted
⚡ 6000 Private Nuclei Templates ⚡ ✅ Download Now - t.me/brutsecurity/831 #bugbounty #bugbountytips #ethicalhacking #infosec #CyberSecurity
itsmenaga (💥,💥) retweeted
27 Aug 2024
1-Subdomainer (contains subfinder, amass whois mode, amass passive mode, crt.sh, GitHub, gobuster, knockpy)
2-chaos (Archived Data)
3-frogy (wayback, bbot, subfinder, findomain, crt.sh)
4-assetfinder (certspotter, hackertarget, threatcrowd, wayback, bufferover, facebook)
itsmenaga (💥,💥) retweeted
If you have access to #jenkins dashboard use below Script Console cmd for poc

```
def passwdFile = new File("/etc/passwd")
println passwdFile.text
```

#P1 #bugbountytips #bugbounty
itsmenaga (💥,💥) retweeted
Made a new tool for a test I was doing. Decided to share with everyone, added it to my toolbox, for sure. It's like having X-ray vision into JS files. Crazy, some of the endpoints it pulled out that were never seen before. github.com/nullenc0de/gofuzz Example:
itsmenaga (💥,💥) retweeted
I decided to take it a step further and make this a @nuclei template. nuclei -target ./ -t /tmp/appdata.yaml Looks like scary things are in appdata. gist.github.com/nullenc0de/4…
If you're still getting comfortable with assembly code, you might find it easier to start by exploring the AppData folder (C:\Users\USER\AppData\Local). Look for configuration files or .jar/.bat files that might be present. Often, modifying these files can lead to an easy RCE.
itsmenaga (💥,💥) retweeted
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confu…
Highlights include:
⚡ Escaping from DocumentRoot to System Root
⚡ Bypassing built-in ACL/Auth with just a '?'
⚡ Turning XSS into RCE with legacy code from 1996

itsmenaga (💥,💥) retweeted
Dang @defparam's new Lemma project looks nuts.
itsmenaga (💥,💥) retweeted
My notes from labbing AD Certificate Service exploitation. There’s lots of great resources on this but I wanted to share my walkthrough on how to create a vulnerable certificate, common errors and how to exploit using either Certipy or Certify. github.com/myexploit/LAB/blo…
itsmenaga (💥,💥) retweeted
I wrote a fun write-up on ADCS exploitation, including explanations and custom built examples of practical exploitation for all 13 ESC vulnerabilities. It's available on my blog: logan-goins.com/2024-05-04-A… Hope this helps anyone who's interested in #activedirectory security :)
itsmenaga (💥,💥) retweeted
It’s always worth checking for non-production route names such as: qa devenv devenv1 devenv2 devenv3 preprod pre-prod test testing staging stage dev development deploy slave master review prod uat prep version2 github.com/codingo/DNSCewl/b…
itsmenaga (💥,💥) retweeted
19 Jun 2024
[Blog Post] Sign-in with World ID: XSS and ATO via OIDC Form Post Response Mode
👉 security.lauritz-holtmann.de…
👉 hackerone.com/reports/251580…
#BugBounty #OIDC #OAuth #XSS (1/2)
itsmenaga (💥,💥) retweeted
Replying to @MPECSInc
This is a great breakdown Philip! Any tools you recommend for Active Directory? Maybe we're missing some on our list: pentestlist.com/categories/i…

itsmenaga (💥,💥) retweeted
17 Jun 2024
ACTIVE DIRECTORY SECURITY: JUMP SERVER PREP and TIPS
Always use a Jump Server when managing Infrastructure. Tech's access machine should be a Privileged Access Workstation (PAW).
1: Elevate PowerShell and install all RSAT tools:
# TODO Install all needed Management Tools
Get-WindowsFeature *RSAT* | Install-WindowsFeature -IncludeAllSubFeature -Restart
2: User accessing the Jump Server should _not_ be a local admin. Use a domain Standard User account in the Remote Desktop Users group on the Jump Server.
3: Get used to right clicking and Run as Admin (sudo) to access those consoles.
4: Quickies
I: Right click and run Server Manager as admin to gain access to all of the consoles.
II: Either do the same for a PowerShell console or run PowerShell from the above Server Manager instance.
III: Memorize key *.CPL (Control Panel Applet). Example: NCPA.CPL [ENTER]
IV: Memorize key WIN __ keystrokes
V: Hit Start and just start typing to initiate a search
VI: TaskMgr.EXE
VII: DiskMgmt.MSC
VIII: CompMgmt.MSC
IX: CTRL SHFT ENTER = Run As Admin
* Segmentation here is key. Infrastructure should be in its own ADDS Forest/Domain with _zero trusts_. Jump Server should only accept incoming calls from PAWs.
itsmenaga (💥,💥) retweeted
18 Jun 2024
OpenCTI: Open Cyber Threat Intelligence Platform meterpreter.org/opencti-open…

itsmenaga (💥,💥) retweeted
13 Jun 2024
BREADS: BREaking Active Directory Security meterpreter.org/breads-break…
