From 759b08bb9e157cb37656541aec02116c0533279a Mon Sep 17 00:00:00 2001 From: Sam Freeside Date: Mon, 9 Dec 2024 11:27:16 +0300 Subject: [PATCH] [AHK] Automatic update :alien: --- pentest/infrastructure/ad/attack-trusts.md | 2 +- pentest/infrastructure/ad/av-edr-evasion/README.md | 1 + pentest/infrastructure/ad/kerberos/kerberos-relay.md | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pentest/infrastructure/ad/attack-trusts.md b/pentest/infrastructure/ad/attack-trusts.md index 39ff8f7..90fb174 100644 --- a/pentest/infrastructure/ad/attack-trusts.md +++ b/pentest/infrastructure/ad/attack-trusts.md @@ -1,6 +1,6 @@ # Attack Trusts -> *"Note that the Active Directory domain is not the security boundary; the AD forest is."* - Sean Metcalf ([ref](https://adsecurity.org/?p=1640)) +> *"Note that the Active Directory domain is not the security boundary; the AD forest is."* (Sean Metcalf, [ref](https://adsecurity.org/?p=1640)) - [http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/](http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/) - [http://www.harmj0y.net/blog/redteaming/domain-trusts-were-not-done-yet/](http://www.harmj0y.net/blog/redteaming/domain-trusts-were-not-done-yet/) diff --git a/pentest/infrastructure/ad/av-edr-evasion/README.md b/pentest/infrastructure/ad/av-edr-evasion/README.md index fbdae1e..3635504 100644 --- a/pentest/infrastructure/ad/av-edr-evasion/README.md +++ b/pentest/infrastructure/ad/av-edr-evasion/README.md @@ -102,6 +102,7 @@ Note that we don't have to target the exact .NET Framework version when compilin - [https://xss.is/threads/67718/](https://xss.is/threads/67718/) - [https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/](https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/) - [https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs](https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs) +- [https://cloudbrothers.info/en/edr-silencers-exploring-methods-block-edr-communication-part-1/](https://cloudbrothers.info/en/edr-silencers-exploring-methods-block-edr-communication-part-1/) diff --git a/pentest/infrastructure/ad/kerberos/kerberos-relay.md b/pentest/infrastructure/ad/kerberos/kerberos-relay.md index 0ef3fbb..f2a26a3 100644 --- a/pentest/infrastructure/ad/kerberos/kerberos-relay.md +++ b/pentest/infrastructure/ad/kerberos/kerberos-relay.md @@ -68,6 +68,7 @@ As [@ShitSecure](https://twitter.com/ShitSecure) mentioned, executing the binary ### KrbRelay-SMBServer +- [https://www.tiraniddo.dev/2024/04/relaying-kerberos-authentication-from.html](https://www.tiraniddo.dev/2024/04/relaying-kerberos-authentication-from.html) - [https://github.com/decoder-it/KrbRelay-SMBServer](https://github.com/decoder-it/KrbRelay-SMBServer) - [https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx](https://www.synacktiv.com/publications/relaying-kerberos-over-smb-using-krbrelayx)