10.9. Lateral Movement
10.9.1. Domain
- impacket is a collection of Python classes for working with network protocols
- adidnsdump Active Directory Integrated DNS dump tool
- BloodHound Six Degrees of Domain Admin
- PlumHound Bloodhound for Blue and Purple Teams
- windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries
- ldapdomaindump Active Directory information dumper via LDAP
- Kerberoast a series of tools for attacking MS Kerberos implementations
- ADRecon Active Directory Recon
- Creds Some useful scripts and executables for pentesting & forensics
- Lithnet Password Protection for Active Directory Active Directory password filter featuring breached password checking and custom complexity rules
- ASREPRoast Project that retrieves crackable hashes from KRB5 AS-REP responses for users without Kerberos preauthentication enabled
10.9.2. LDAP
- SharpHound3 Data Collector for the BloodHound Project
10.9.3. Exploiting Microsoft Products
- LyncSniper A tool for penetration testing Skype for Business and Lync deployments
- MSOLSpray A password spraying tool for Microsoft Online accounts (Azure/O365)
- MailSniper MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms
10.9.4. Azure AD
- ROADtools Azure AD exploration framework
- Stormspotter Azure Red Team tool for graphing Azure and Azure Active Directory objects
10.9.5. Exchange
- ruler A tool to abuse Exchange services
- MailSniper
- PrivExchange Exchange your privileges for Domain Admin privs by abusing Exchange
10.9.6. PowerShell
10.9.7. Internal Network Information Gathering
- nbtscan NetBIOS scanning tool
- SharpShares Quick and dirty binary to list network share information from all machines in the current domain and if they're readable
- WinShareEnum Windows Share Enumerator
- HackBrowserData Cross-platform browser data export tool
10.9.8. Kerberos
- Rubeus C# toolset for raw Kerberos interaction and abuses
- kerbrute A tool to perform Kerberos pre-auth bruteforcing
- kerberoast A series of tools for attacking MS Kerberos implementations
10.9.9. Automated Auditing
- Infection Monkey Data center Security Testing Tool
10.9.10. Evasion
- SysWhispers AV/EDR evasion via direct system calls
- SysWhispers2 AV/EDR evasion via direct system calls
- Dumpert LSASS memory dumper using direct system calls and API unhooking