ldapsearch-ad is a Python3 script designed for rapid information gathering from a domain controller via its LDAP service. It’s often used immediately after acquiring valid Active Directory credentials, serving as a valuable complement to tools like BloodHound and PingCastle. The script offers flexible installation methods, either through pipx or by cloning its source code and Read More …
Tag: tools
Tool Overview – Shimit
Shimit is a Python-based tool that facilitates the execution of the Golden SAML attack. This attack method allows an adversary to forge SAMLResponse objects, which are then used to bypass authentication and gain unauthorized access to applications relying on SAML for single sign-on. By crafting a signed SAMLResponse, attackers can impersonate any user and achieve Read More …
Tools – validin-phish-feed
The validin-phish-feed is a GitHub repository that provides a feed of phishing domains, curated by the Validin Threat Intelligence Platform. Validin is a company that specializes in internet intelligence, offering services for threat hunting, brand protection, and incident response. Their platform aggregates and analyzes vast amounts of DNS data, host responses, certificates, registration data, and Read More …
Tool Overview – IronNetTR
The GitHub repository IronNetTR, maintained by Mikhail Kasimov (forked from nathanawmk), serves as a centralized public archive for research conducted by IronNet’s Threat Research Teams. IronNetTR is a collection of technical reports and data sets focused on active cyber threats. Unlike general news sites, this repository provides the raw data and technical specifics, such as Read More …
Automating the Audit
Stop Staring at DNS Records
If you are new to Information Security, you’ll quickly learn that visibility is your best friend. One of the first things I look at when assessing a domain’s posture is its DMARC (Domain-based Message Authentication, Reporting, and Conformance) record. DMARC tells the world how to handle emails that claim to be Read More …
A Powerful OSINT Tool for Username Discovery
The ability to gather intelligence efficiently is a foundational skill. One effective tool for early stages is Sherlock. Named after the legendary detective, Sherlock is an open-source, Python-based tool designed to help security professionals and researchers locate a specific username across hundreds of different websites and social media platforms simultaneously.
How Sherlock Works
Sherlock operates Read More …
Frankenmap
Modern Intrusion Detection Systems (IDS) easily spot the distinct signatures of Nmap’s default aggressive probes. Here is a stealth blueprint for getting OS, version, and script data without kicking the front door down:
1. Deconstructing the Aggressive Scan
Instead of using -A, use these specific flags to control exactly what information is gathered and how Read More …
NMAP discovery options
I will break down the options for each command.
Command 1: sudo nmap -sn 10.0.0.* -oG - | awk '/Up$/{print $2}' --discovery-ignore-rst
Summary: This command is used to build a list of “up” machines on a specific subnet (in this case, 10.0.0.*).
Breakdown: sudo nmap -sn 10.0.0.*: Performs a simple ping scan (-sn) on the Read More …
evilreplay for Modern Web Security Assessment
Bridging the gap between identifying a flaw and demonstrating its real-world risk can be challenging. The open-source project evilreplay provides a powerful, specialized utility that helps security practitioners effectively assess and report one of the most common web application threats: Cross-Site Scripting (XSS).
What is evilreplay?
At its core, evilreplay is a weaponized adaptation of Read More …
lsassy: An Offensive Security Tool
lsassy is an open-source tool developed by Login-Sécurité, designed specifically for offensive security practices. Available on GitHub, lsassy expertly facilitates the extraction of credential data from the memory of the Local Security Authority Subsystem Service (LSASS) process in Windows environments.
Key Features
Primarily, lsassy is adept at dumping credentials stored within LSASS, which is a Read More …