
1nTh35h3ll's Projects

ad-replication-metadata

Track past changes to your AD accounts (users and computers), even where no event logs exist: not collected, no retention or overwritten, wiped (e.g. during an incident response), etc. Works by parsing the replication metadata history of each object.

babel-shellfish

Babel-Shellfish deobfuscates and scans PowerShell scripts in real time, right before each line executes.

dvs

D(COM) V(ulnerability) S(canner), AKA the devious Swiss army knife: lateral movement using DCOM objects.

get-adgroupchanges

"Pure" PowerShell command (no dependencies, no special permissions, etc.) to retrieve the change history of an AD group's membership. Relies on object replication metadata rather than event logs. Useful for DF/IR and for tracking changes in groups.

get-adprincipalkerberostokengroup

A PowerShell implementation of PAC enumeration (similar to getpac.py). Does not require privileges. Can enumerate the effective token (Kerberos group SIDs) for any user.
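One way to enumerate a principal's effective group SIDs without any privilege beyond a domain account is the constructed attribute tokenGroups, which the DC returns with group nesting already resolved. The function below is an added example, not code from get-adprincipalkerberostokengroup; its name and the `-Resolve` switch are my own, and the "flag" heuristic (Domain/Schema/Enterprise Admins RIDs and BUILTIN\Administrators) is an assumption about what a reviewer wants highlighted.

```powershell
# Added example, not the project's code: read the constructed attribute tokenGroups
# (effective, nested group SIDs as the responding DC computes them) for any user or
# computer, using only System.DirectoryServices. Any authenticated domain user can do this.
function Get-EffectiveGroupSid {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,   # user or computer ('SRV01$')
        [switch] $Resolve                                  # translate each SID to DOMAIN\Name where possible
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    # 'computer' is a subclass of 'user', so this filter matches both
    $searcher.Filter = "(&(objectClass=user)(sAMAccountName=$SamAccountName))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $result = $searcher.FindOne()
    if (-not $result) { throw "No principal with sAMAccountName '$SamAccountName'" }
    $dn = $result.Properties['distinguishedname'][0]

    # tokenGroups is constructed on demand; it is never returned by a search and
    # must be requested explicitly on the directory entry.
    $entry = $result.GetDirectoryEntry()
    $entry.RefreshCache([string[]]@('tokenGroups'))

    foreach ($rawSid in $entry.Properties['tokenGroups']) {
        $sid  = New-Object System.Security.Principal.SecurityIdentifier($rawSid, 0)
        $name = $null
        if ($Resolve) {
            # Translation fails for SIDs of deleted groups or foreign domains; keep the SID anyway
            try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }
        }
        [pscustomobject]@{
            Principal = $dn
            SID       = $sid.Value
            Name      = $name
            # Assumed review heuristic: RID 512 Domain Admins, 518 Schema Admins,
            # 519 Enterprise Admins, or BUILTIN\Administrators (S-1-5-32-544)
            Flag      = $sid.Value -match '-(512|518|519)$|^S-1-5-32-544$'
        }
    }
}

# Usage: Get-EffectiveGroupSid -SamAccountName alice -Resolve | Where-Object Flag
```

This is the DC's computed group list, not the PAC of a real ticket; a tool that requests a service ticket (as getpac.py does) sees what the KDC actually put in the PAC. Results also depend on which DC answers, since domain-local groups are evaluated in that DC's domain.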

get-changesinaduser

Checks for changes to AD users. Useful for finding who changed which property of an AD user, and when. Requires 'Event Log Readers' or equivalent. No additional modules required.

get-domainnlastatus

Checks the Network Level Authentication (NLA) setting of computers domain-wide, in light of RDP vulnerabilities such as BlueKeep and DejaBlue.

get-lastlogon

One-liner that gets the last logon of an account (user or computer) from all DCs (lastLogon is not replicated between DCs, so any single DC's value can be stale). No dependencies, no special permissions, just LDAP connectivity.
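The reason every DC has to be asked, shown as an added example rather than the get-lastlogon one-liner itself: lastLogon is updated only on the DC that authenticated the logon and never replicates, while lastLogonTimestamp replicates but is refreshed only when it is older than msDS-LogonTimeSyncInterval (14 days by default). The function name and output shape below are my own.

```powershell
# Added example, not the project's code. Queries each DC's own copy of lastLogon
# and takes the most recent one; also reports the replicated lastLogonTimestamp so
# the lag between the two is visible. Uses System.DirectoryServices only (plain LDAP
# reads as an ordinary domain user).
function Get-LastLogonAllDC {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName   # user or computer ('SRV01$')
    )
    $domain    = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $defaultNC = ([ADSI]'LDAP://RootDSE').defaultNamingContext

    $perDC = foreach ($dc in $domain.DomainControllers) {
        try {
            $searcher = New-Object System.DirectoryServices.DirectorySearcher
            # Bind the search to this specific DC so we read *its* unreplicated lastLogon
            $searcher.SearchRoot = [ADSI]"LDAP://$($dc.Name)/$defaultNC"
            $searcher.Filter = "(sAMAccountName=$SamAccountName)"
            $searcher.PropertiesToLoad.AddRange([string[]]@('lastLogon', 'lastLogonTimestamp'))
            $r = $searcher.FindOne()
            if (-not $r) { throw "object not found on this DC" }
            # Both are FILETIME values (100 ns ticks since 1601, UTC); 0 or absent means 'never'
            $ll  = [int64]($r.Properties['lastlogon']          | Select-Object -First 1)
            $llt = [int64]($r.Properties['lastlogontimestamp'] | Select-Object -First 1)
            [pscustomobject]@{
                DC                 = $dc.Name
                LastLogon          = if ($ll  -gt 0) { [datetime]::FromFileTimeUtc($ll)  } else { $null }
                LastLogonTimestamp = if ($llt -gt 0) { [datetime]::FromFileTimeUtc($llt) } else { $null }
            }
        } catch {
            # An unreachable DC is a gap in the answer, not a 'never logged on'
            Write-Warning "$($dc.Name): $($_.Exception.Message)"
        }
    }

    $latest = $perDC | Where-Object LastLogon | Sort-Object LastLogon -Descending | Select-Object -First 1
    [pscustomobject]@{
        Account         = $SamAccountName
        LastLogon       = $latest.LastLogon        # $null if no DC ever authenticated this account
        AuthenticatedBy = $latest.DC               # the DC that saw that logon
        DCsAnswered     = @($perDC).Count
        DCsTotal        = $domain.DomainControllers.Count
        PerDC           = $perDC
    }
}

# Usage: Get-LastLogonAllDC -SamAccountName alice | Select-Object -ExpandProperty PerDC
```

When DCsAnswered is lower than DCsTotal the result is a lower bound: the account may have logged on against a DC that did not respond. For stale-account or incident timelines, compare LastLogon with LastLogonTimestamp per DC; a gap of up to the sync interval is normal, a larger one means the replicated value should not be trusted for that account.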

get-ldapperformance

Collects LDAP query performance events and analyzes them into CSV and a grid view. Helps identify large or unusual LDAP queries, whether for threat hunting or IT optimization.

get-loggedonuser

Gets the users currently logged on to domain computers and shows whether or not they are local admins.

get-logonworkstationsattributestatus

Gets the latest change (if any) to the userWorkstations attribute (logon restriction by user workstation) using replication property metadata. No logging or auditing required. No special permissions required, just an authenticated domain user.
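The replication-metadata technique behind ad-replication-metadata, get-adgroupchanges and get-logonworkstationsattributestatus, as one added example that is not code from any of those projects. Every DC keeps, per attribute and per linked value, the time of the last originating write, the write count and the DC that made it, and exposes this through two constructed LDAP attributes readable by any authenticated user. The function name, its parameters and the output columns are my own.

```powershell
# Added example, not the projects' own code. Reads an object's replication metadata via
#   msDS-ReplAttributeMetaData : per attribute (e.g. userWorkstations, unicodePwd)
#   msDS-ReplValueMetaData     : per linked value (e.g. each 'member' of a group), including
#                                values already removed, until the tombstone lifetime expires
# Only System.DirectoryServices is used: no AD module, no event logs, no special rights.
function Get-ReplicationHistory {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,  # user, computer ('SRV01$') or group
        [string[]] $Attribute,                            # attribute names to report; omit for all
        [switch]   $IncludeLinkValues                     # also report per-value history (e.g. 'member')
    )
    # Timestamps in the XML are UTC ('...Z'); parse them without shifting to local time,
    # otherwise the 1601-01-01 'never deleted' sentinel can land in year 1600.
    function ConvertFrom-ReplTime([string] $Text) {
        [datetime]::Parse($Text, [cultureinfo]::InvariantCulture,
                          [System.Globalization.DateTimeStyles]::AdjustToUniversal)
    }

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(sAMAccountName=$SamAccountName)"
    # Constructed attributes are returned only when requested by name
    $searcher.PropertiesToLoad.AddRange([string[]]@(
        'distinguishedName', 'msDS-ReplAttributeMetaData', 'msDS-ReplValueMetaData'))
    $result = $searcher.FindOne()
    if (-not $result) { throw "No object with sAMAccountName '$SamAccountName'" }
    $dn = $result.Properties['distinguishedname'][0]

    # One XML fragment per attribute that was ever written on this object
    foreach ($xmlText in $result.Properties['msds-replattributemetadata']) {
        $md = ([xml]$xmlText).DS_REPL_ATTR_META_DATA
        if ($Attribute -and ($md.pszAttributeName -notin $Attribute)) { continue }
        [pscustomobject]@{
            Object        = $dn
            Attribute     = $md.pszAttributeName
            Value         = $null      # metadata records that a write happened, never the value written
            Present       = $true
            LastChange    = ConvertFrom-ReplTime $md.ftimeLastOriginatingChange
            Deleted       = $null
            Version       = [int]$md.dwVersion   # originating writes so far; 1 = set once, never changed
            OriginatingDC = $md.pszLastOriginatingDsaDN
        }
    }

    if (-not $IncludeLinkValues) { return }
    # One XML fragment per linked value; removed values keep a real ftimeDeleted
    foreach ($xmlText in $result.Properties['msds-replvaluemetadata']) {
        $md = ([xml]$xmlText).DS_REPL_VALUE_META_DATA
        if ($Attribute -and ($md.pszAttributeName -notin $Attribute)) { continue }
        $deleted = ConvertFrom-ReplTime $md.ftimeDeleted
        $present = $deleted.Year -eq 1601          # FILETIME zero = 'not deleted'
        [pscustomobject]@{
            Object        = $dn
            Attribute     = $md.pszAttributeName
            Value         = $md.pszObjectDn         # the linked object's DN, e.g. the member
            Present       = $present
            LastChange    = ConvertFrom-ReplTime $md.ftimeLastOriginatingChange
            Deleted       = if ($present) { $null } else { $deleted }
            Version       = [int]$md.dwVersion      # odd = currently added, even = currently removed
            OriginatingDC = $md.pszLastOriginatingDsaDN
        }
    }
}

# Usage:
#   Get-ReplicationHistory -SamAccountName alice -Attribute userWorkstations, unicodePwd
#   Get-ReplicationHistory -SamAccountName 'Domain Admins' -IncludeLinkValues -Attribute member |
#       Where-Object { -not $_.Present }      # former members and when they were removed
```

Two limits worth keeping in mind: only the latest originating write per attribute or value carries a timestamp (Version tells you how many times it changed, not when each change happened), and removed link values disappear from msDS-ReplValueMetaData once the tombstone lifetime (180 days by default) has passed. The metadata itself replicates, so any DC gives the same history, and OriginatingDC is the NTDS Settings DN of the DC where the change was actually made.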

get-netsessionenum

Automates enumeration of the network sessions of connected users across the domain, to facilitate AD reconnaissance for adversary simulation and red teams.

get-remotepssession

Queries PS sessions (WSMan) for their connected users, IPs and hosts, locally and remotely.

get-usersession

Queries user sessions across the entire domain (interactive, RDP, etc.), letting you look up a username and see all of its logged-on sessions, whether active or disconnected.

get-usersession2

Maps account sessions for domain endpoints or specific hosts, both SMB sessions (which accounts are connected via shares) and interactive ones (RDP, local, RunAs), with no admin permissions needed.

hackcon2024

Presentation from the HackCon talk 'It's just a tool. Not bad nor good. That part is up to YOU.'

huntprintnightmareexploitation

Looks for evidence of PrintNightmare exploitation in logs. Requires 'Event Log Readers' or higher permissions. Defaults to domain controllers, but can be pointed at any or all domain machines (using the -AllComputers parameter, or by changing the LDAP query). Outputs results of potential PrintNightmare exploitation to the console and a CSV file.

invisi-shell

Hide your PowerShell script in plain sight. Bypass all PowerShell security features.

invoke-postkrbtgtresetmonitor

Centralized detection of Golden Tickets via detection of anomalous Kerberos tickets AFTER resetting the krbtgt password TWICE. No dependencies or modules. Requires Event Log Readers or equivalent.

invoke-tgsmonitor

Monitors TGS requests (all, or just failed ones, with error-code reasons). Useful during a live IR without another central threat-hunting log solution, or in general to monitor access and failure reasons.

ldapmonitor

Monitors creation, deletion and changes of LDAP objects live during your pentest or system administration.

misc_tools

Things that make you go hmm... scripts for fun(ctionality)
