Commit graph

409 commits

Author SHA1 Message Date
TricksterShubi
d6c991461f
Update acls-dacls-sacls-aces.md 2024-04-30 17:37:19 +02:00
TricksterShubi
e76b388aa4
Update dcsync.md 2024-04-30 17:18:44 +02:00
Carlos Polop
b6cfe83fdd f 2024-04-18 15:42:29 +02:00
Carlos Polop
fe71d5c6d2 f 2024-04-18 05:21:24 +02:00
Carlos Polop
e64fdffa7c f 2024-04-18 05:13:38 +02:00
Carlos Polop
780b55a21d wi 2024-04-18 05:10:20 +02:00
Mane
e8eaf83992
Update domain-escalation.md
fix typo
2024-04-12 10:15:21 +08:00
Mane
c956226239
Add OID Group Link Abuse - ESC13
Reference:

https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53

https://www.thehacker.recipes/a-d/movement/ad-cs/certificate-templates#issuance-policiy-with-privileged-group-linked-esc13
2024-04-09 03:57:01 +08:00
Mane
54632299d1
fix typo in domain-escalation.md 2024-04-09 03:16:44 +08:00
Mane
f6f017777c
Add Shell access to ADCS CA with YubiHSM - ESC12
Reference: 
https://pkiblog.knobloch.info/esc12-shell-access-to-adcs-ca-with-yubihsm

https://www.thehacker.recipes/a-d/movement/ad-cs/certificate-authority#shell-access-to-adcs-ca-with-yubihsm-esc12
2024-04-09 03:13:19 +08:00
Mane
3f2a13b8f1
Add Relaying NTLM to ICPR - ESC11
Reference: https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
2024-04-09 02:34:03 +08:00
Carlos Polop
35b3c7ccfe a 2024-04-08 00:51:34 +02:00
Carlos Polop
4b64ce2de1 w 2024-04-08 00:37:55 +02:00
CPol
c55d66804a
GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00
Yassine OUKESSOU
1891e8372b
small typo 2024-04-01 14:25:06 +02:00
Yassine OUKESSOU
2d71374c9f
Removing deleted option and adding some clarification to the text 2024-04-01 14:03:11 +02:00
CPol
31e7f071f5
GITBOOK-4288: change request with no subject merged in GitBook 2024-03-29 18:55:33 +00:00
HackTricks
2c57874949
Merge pull request #825 from manesec/master
Add more tools and small update mssql
2024-03-26 20:16:08 +01:00
Carlos Polop
61e2eb2350 a 2024-03-26 15:56:40 +01:00
Yassine OUKESSOU
72c787cebb
ASREProasting without domain credentials method in asreproast.md
Adding ASrepCatcher tool : ASREProasting without domain credentials method
2024-03-24 01:04:09 +01:00
Mane
983b8069c7
Update abusing-ad-mssql.md
+ Add `EXEC sp_linkedservers`

Ref: https://database.guide/2-ways-to-return-a-list-of-linked-servers-in-sql-server-using-t-sql/
2024-03-18 16:32:25 +08:00
CPol
5b120932f3
GITBOOK-4274: change request with no subject merged in GitBook 2024-03-17 14:42:04 +00:00
CPol
f3dc05632c
GITBOOK-4269: change request with no subject merged in GitBook 2024-03-15 21:27:36 +00:00
Carlos Polop
1fcb0ae066 a 2024-03-15 00:01:13 +01:00
Carlos Polop
944eaa12c9 up 2024-03-09 14:02:01 +01:00
CPol
8ff32d8f1d
GITBOOK-4266: change request with no subject merged in GitBook 2024-03-09 12:57:16 +00:00
cocomelonc
d3dda8a77d python for build injectors example: peekaboo 2024-02-27 14:00:10 +06:00
CPol
7ae219aa33
GITBOOK-4260: change request with no subject merged in GitBook 2024-02-26 10:39:43 +00:00
Carlos Polop
0ee2fda1c6
Merge pull request #800 from bruno-1337/patch-1
Add another option for SeDebugPrivilege Code Execution
2024-02-25 13:21:46 +01:00
CPol
eff83f8dcf
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00
Bruno Badaró
a48e4a82a5
Adding another option for SeDebugPrivilege Code Execution 2024-02-16 21:17:30 -03:00
Mane
cd41e781cf
Update checklist-windows-privilege-escalation.md 2024-02-15 03:15:28 -08:00
Mane
0e796fec20
Update checklist-windows-privilege-escalation.md
Upload procdump64.exe to dump firefox's memory from ippsec

https://youtu.be/fmBb6BgLsC8?t=1740
2024-02-15 03:12:20 -08:00
Carlos Polop
7aaa08ff92 a 2024-02-09 01:38:08 +01:00
Carlos Polop
a2ca955cb9 a 2024-02-09 01:36:13 +01:00
Carlos Polop
10a3b640d6 a 2024-02-08 04:08:28 +01:00
Carlos Polop
79b80044a8 a 2024-02-08 04:06:37 +01:00
Carlos Polop
06a639f4af a 2024-02-07 05:05:50 +01:00
Carlos Polop
797ab87ac5 a 2024-02-05 03:29:11 +01:00
Carlos Polop
7cc077db55 a 2024-02-04 17:10:29 +01:00
Carlos Polop
213f0fc6f6 a 2024-02-03 17:02:14 +01:00
Carlos Polop
9715b0e8a9
Merge pull request #794 from manesec/master
Finding a file in windows and linux base on Creation Time
2024-02-02 19:14:41 +01:00
Carlos Polop
8f81059719
Merge pull request #792 from wowlolx/master
Fixed netsh command for spaces in SSIDs
2024-02-02 19:14:01 +01:00
Mane
d90f632846
Update README.md
Finding a newer files with powershell
2024-02-01 01:42:07 -08:00
wowlolx
67cb9fdd22
Fixed netsh command for spaces in SSIDs 2024-01-31 00:15:10 +05:00
CravateRouge
7db7f86212 Add asreproast bloodyAD 2024-01-18 09:40:35 +00:00
Carlos Polop
f6fafa225b
Merge pull request #781 from manesec/master
Update privileged-groups-and-token-privileges.md, fix typo
2024-01-13 19:36:57 +01:00
Paul
a7f19cb28b fix certipy command use 2024-01-12 17:12:46 +01:00
Carlos Polop
c61eef67c4 arte 2024-01-12 08:53:44 +01:00
Mane
cb0f65d0ae
Update privileged-groups-and-token-privileges.md
- fix typo `dumo` --> `dump`
2024-01-11 23:24:52 -08:00