red_team_attack_lab
passwordstate-decryptor
red_team_attack_lab | passwordstate-decryptor | |
---|---|---|
5 | 2 | |
476 | 24 | |
- | - | |
4.5 | 0.0 | |
12 months ago | over 1 year ago | |
PowerShell | PowerShell | |
GNU General Public License v3.0 only | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
red_team_attack_lab
- Can anyone describe their red team infrastructure?
-
Non-Internet Connected IAC Range
There are some pretty solid examples like splunk attack range or detection lab available on GitHub. They leverage ansible, virtual box, and vagrant. My team used to use red team lab https://github.com/Marshall-Hallenbeck/red_team_attack_lab internally for demos, but has since moved to Snaplabs for the ease of deployment and cost. I can have a junior engineer spin up an entire Ad instance from a template in 5 minutes vs fighting virtual box and ansible to 2 days.
-
Active directory scripts for setting a lab?
Try this https://github.com/Marshall-Hallenbeck/red_team_attack_lab
-
Anyone have experience building a Windows AD lab environment in Docker?
Since you mention your in-depth ELK workflow, have you tried DetectionLab or Splunk's Attack Range? If you just want a fully working AD domain set up with various hosts, you can spin up the Red Team Attack Lab and then hook in your own logging stuff after it's built.
- Red Team Attack Lab for TTP testing & research
passwordstate-decryptor
-
Backdoored password manager stole data from as many as 29K enterprises
Just to clarify the title. It was not a deliberate backdoor on the part of Passwordstate. It was a supply chain attack. There is some history to their security holes (most of the known ones being patched).
https://twitter.com/juanandres_gs/status/1385689464329187329
https://github.com/NorthwaveSecurity/passwordstate-decryptor...
A potential issue in the password management space is that Francisco Partners (owner of NSO Group) owns Lastpass (and LogMeIn).
https://en.wikipedia.org/wiki/NSO_Group
https://www.globenewswire.com/news-release/2020/08/31/208621...
Note: I work in the IAM and PAM space and designed dashboards for saas pass.
-
Password manager Passwordstate hacked to deploy malware on customer systems
There is some history to their security flaws:
https://twitter.com/juanandres_gs/status/1385689464329187329
https://github.com/NorthwaveSecurity/passwordstate-decryptor...
Lastpass suffered multiple reputational hits including data breaches etc and they are still thriving. The parent company of NSO Group (Elliot Management) bought them and there was still not an exodus.
What are some alternatives?
cervantes - Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location.
keepassxc - KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
GOAD - game of active directory
PowerShell-Red-Team - Collection of PowerShell functions a Red Teamer may use in an engagement
Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
malware-course-public
attack_range - A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
pass-import - A pass extension for importing data from most existing password managers
gitjacker - 🔪 :octocat: Leak git repositories from misconfigured websites
DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
nishang - Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.