Discover and read the best of Twitter Threads about #CrackMapExec

Most recents (2)

🧶 (1/) Reproducing Masky Thread

So it’s a relaxing Friday evening to play with the new awesome #Masky tool by @_ZakSec. I’ll show you here how to reproduce its behavior with #CrackMapExec, #Impacket, #Sliver, #Certify and #Certipy.

Let’s go! ⤵️

#pentest #adcs
🧶 (2/) First things first, I shall enumerate AD CS environment with #CrackMapExec and qwinsta the Victim machine via newly introduced tstool[.]py from #Impacket (thx @nopernik!). For the purpose of this demo I’ll use a DA account to interact with the Victim but any LA will do 👨🏻‍💻
🧶 (3/) I shall now prepare my team server and generate an encrypted Sliver beacon to use it with DInjector 💉
Read 7 tweets
I'm going to <semi> live tweet this Internal Penetration Test. Calling the company Acme
Important notes:
Assumed Breach (Already have a Debian based image, no creds, but solely for the sake of having tools locally)
Landing in the SWIFT gateway network
Flags: DA/SWIFT 1/x
Non-Evasive (we can sound alarms, they're only monitoring and validating our actions, this is not a purple team assessment to fill gaps in their NIPS)
Crystal/Glass/Full-Disclosure whatever your org calls "we'll give you any info you need to progress in terms of network topology"
Starting off with good old Nessus/Nmap one-two punch against the in-scope ranges provided to us during our kick off. #nessus #nmap
Read 33 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!