Advanced Search
Search Results
83 total results found
Dumping data from the Microsoft Recall folder
Recently, Microsoft announced their new AI Recall feature that will be enabled on a new hardware generation called Copilot+ PC. I won't bore you with the details as the topic has been vastly covered already in YouTube videos and other major information sources...
Gaining persistence on Windows with Time Providers
When authenticating into a Domain Controller using the Kerberos protocol, especially during a CTF, we've all encountered the infamous Kerberos Clock Skew error, it looks something like this: Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great) This er...
NetExec Cheat Sheet
A cheat sheet for NetExec and CrackMapExec, featuring useful commands and modules for different services to use during Pentesting Enumeration Initial Enumeration netexec smb target Null Authentication netexec smb target -u '' -p '' Guest Authentication netex...
Abusing Resource-Based Constrained Delegation
RBCD Enumerate MachineAccountQuota β nxc ldap DC01.push.vl -u kelly.hill -p '<REDACTED>' -M maq SMB 10.10.217.5 445 DC01 [*] Windows Server 2022 Build 20348 x64 (name:DC01) (domain:push.vl) (signing:True) (SMBv1:False) LDAP 1...
Sliver C2
https://github.com/BishopFox/sliver Installation Download both the sliver-server and sliver-client from the release for your platform and you are done :) β sliver wget https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-client_linux β sli...
checksec
Description checksec is a security auditing tool used to examine compiled binaries and determine what security protections are enabled. Itβs commonly used in reverse engineering and binary exploitation to assess the difficulty of exploiting a program. checksec...
ACL Cheatsheet
GenericWrite Update object's attributes targetKerberoasting python targetedKerberoast.py -v -d <domain> -u <username> -p <password> hashcat -m 13100 -a 0 <hash_file> rockyou.txt --force ShadowCredentials certipy shadow auto -u username@domain -p <password>...
BloodyAD Cheatsheet
Retrieve User Information bloodyAD --host $dc -d $domain -u $username -p $password get object $target_username Add User To Group bloodyAD --host $dc -d $domain -u $username -p $password add groupMember $group_name $member_to_add Change Password bloodyAD --ho...