dostackbufferoverflowgood
vulnerable-AD
Our great sponsors
dostackbufferoverflowgood | vulnerable-AD | |
---|---|---|
13 | 14 | |
1,379 | 1,862 | |
- | - | |
0.0 | 0.0 | |
almost 3 years ago | 12 days ago | |
C | PowerShell | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dostackbufferoverflowgood
-
Pre-OSCP Knowledge
This one: https://github.com/justinsteven/dostackbufferoverflowgood
-
BOF Learning Resources?
IDK if the type of BOF has changed since I did it, but https://github.com/justinsteven/dostackbufferoverflowgood was VERY helpful to me.
- Need resources for BO and AD study
-
Asking for help
A topic that many start with is buffer overflows so there are a lot of tutorials it. Maybe start there. A resource on learning that topic that I liked is https://github.com/justinsteven/dostackbufferoverflowgood
-
Important PWK Machines
Master buffer overflows so you can get 25 points out the gate, while you're scanning the other boxes (Yeh...that was a pro tip đ). Justin Stevens will set you right. https://github.com/justinsteven/dostackbufferoverflowgood/blob/master/dostackbufferoverflowgood_tutorial.md
-
BOF in Proving Grounds?
Completing this https://github.com/justinsteven/dostackbufferoverflowgood a few times (the YouTube video is fun and informative to watch too) and a methodical script template that a friend crafted and taught me to use got me over on the BOF. PG and THM didn't exist when I did my last attempt but I would certainly use them if I was taking the exam today. All the best!
-
BOF - Where do I Practice(outside the lab)?
dotackbufferoverflowgood - If youâre interested to get a more in-depth understanding of BoF in order to better apply it in a wider variety of scenarios, do check out https://github.com/justinsteven/dostackbufferoverflowgood. Replicate the PDF step-by-step, youâll learn a lot from this. It also goes through interesting payloads other than the typical reverse shell we normally use.
- For whatever reason, I am having a lot of trouble grasping buffer overflows. What is your favorite resource/video that spelled it out for you when you learned?
- Linux Buffer Overflow on OSCP exam?
-
Tib3rius Tryhackme for BOF of OSCP?
DoStackBufferOverFlowGood: https://github.com/justinsteven/dostackbufferoverflowgood
vulnerable-AD
-
Student 1 Year out from Grad overwhelmed
At one he also mentions Vulnerable-AD, which might be helpful when learning how to identify and respond to AD attacks. This might give you an idea of what other areas/components to focus on with your projects. Good luck!
-
Active Directory Security Tools
VulnerableAD - perfect for creating a vulnerable AD environment - https://github.com/WazeHell/vulnerable-AD
- Failed with 60 points (with Lab report) in first attempt
- Virtual AD environmnet to play with Bloodhound
-
Vulnerable Machines
This is a pretty cool project: https://github.com/WazeHell/vulnerable-AD
-
Test in one month, kinda gave up but also don't want to skip the test nor do I want to completely bomb. I want to at least try, what are some good resources that are either cheaper/free to prepare?
https://github.com/WazeHell/vulnerable-AD for active directory 4 days.
- Can you recommend good active directory labs?
- Need resources for BO and AD study
-
Vulnerable Active Directory Domain Controller for you to attack! Easy, with tools loaded
I created a vulnerable domain controller. I used wazehell's powershell script, so you can do all kinds of attacks.
-
[HELP] :: AD LAB SETUP
I setup automated Chris Longs Detection Lab, to quickly spin up AD environment, AND i took WazeHell's Vulnerable-ad scripts to make the lab vulnerable to all kinds of attacks. Easy and effective lab with a domain controller, 2 servers and a windows 10 client.
What are some alternatives?
OSCP-BoF - This is a walkthrough about understanding the #BoF machine present in the #OSCP exam.
GOAD - game of active directory
Buffer-Overflow-Exploit-Development-Practice - Good For OSCP Training
DVWA - Damn Vulnerable Web Application (DVWA)
HackSysExtremeVulnerableDriver - HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
PWK-OSCP-Preparation-Roadmap - Roadmap for preparing for OSCP, anyone is free to use this, and also feedback and contributions are welcome
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
Privilege_Escalation
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
OSCE - Some exploits, which Iâve created during my OSCE preparation.
Testimo - Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests