GoodHound
pentesting-active-directory
GoodHound | pentesting-active-directory | |
---|---|---|
2 | 2 | |
438 | 263 | |
- | - | |
0.0 | 1.6 | |
about 2 years ago | about 1 year ago | |
Python | ||
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GoodHound
-
Dealing with large BloodHound datasets
Name Description Url BloodHound BloodHound GUI https://github.com/BloodHoundAD/BloodHound/ PlumHound Generate a report with actions to resolve the security flaws in the Active Directory configuration https://github.com/DefensiveOrigins/PlumHound/ GoodHound GoodHound operationalises Bloodhound by determining the busiest paths to high value targets and creating actionable output to prioritise remediation of attack paths. https://github.com/idnahacks/GoodHound/ BlueHound Tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. https://github.com/zeronetworks/BlueHound/
- GoodHound - Using Bloodhound as a defender - prioritise which attack paths to fix first.
pentesting-active-directory
-
AD privEsc
It's public, https://github.com/esidate/pentesting-active-directory
-
Active Directory Pentesting mind map by Orange Cyberdefense
An Active Directory Pentesting mind map that was deleted by the original author from Xmind
What are some alternatives?
Keylogger - Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
MicrosoftWontFixList - A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
APT-Hunter - APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the sea of windows event logs to decrease the time to uncover suspicious activity
Villain - Villain is a C2 framework that can handle multiple TCP socket & HoaxShell-based reverse shells, enhance their functionality with additional features (commands, utilities etc) and share them among connected sibling servers (Villain instances running on different machines).
UltimateAppLockerByPassList - The goal of this repository is to document the most common techniques to bypass AppLocker.
NIST-to-Tech - An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
ansible-ad-inventory - Ansible Active Directory Inventory script
A-Red-Teamer-diaries - RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
LOLBAS - Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
BypassAV - This map lists the essential techniques to bypass anti-virus and EDR
SlackPirate - Slack Enumeration and Extraction Tool - extract sensitive information from a Slack Workspace
chophound - Some scripts to support with importing large datasets into BloodHound