VGG vgg-dev
Auditing Active Directory Offline
The following instructions will teach you how to analyze Microsoft Active Directory using offline techniques. It does not require a persistent connection to the Domain Controller. Instead we will be using a copy of the ntds.dit file, a copy of the SYSVOL directory, and a copy of the SYSTEM registry hive. All of these data points are easily obtained from a Domain Controller using built-in Windows utilities.
This tutorial will cover setting up the proper tools, obtaining the necessary information, and analyzing Active Directory.
I. Set-up
We will use a Windows 10 Pro workstation for this audit; however, Windows 7 would work as well. Additionally we will need a virtualized instance of Windows Server to mount an offline copy of ntds.dit. We will use a Windows Server 2016 Core guest OS in VirtualBox. Finally we need to install the audit tools. We will use AD-Control-Path (add url) and the DSInternals PowerShell module (add url).
Note: I strongly suggest using VirtualBox for virtualization rather than VMware.
MATCH (u:User)-[r:AdminTo|MemberOf*1..]->(c:Computer)
RETURN u.name
That'll return a list of users who have admin rights on at least one system, either explicitly or through group membership.
---------------
MATCH
(U:User)-[r:MemberOf|:AdminTo*1..]->(C:Computer)
WITH
U.name as n,
@vgg-dev
vgg-dev / noip2.service
Created May 1, 2020 15:55 — forked from NathanGiesbrecht/noip2.service
Systemd Service file for no-ip.com dynamic ip updater
# Simple No-ip.com Dynamic DNS Updater
#
# By Nathan Giesbrecht (http://nathangiesbrecht.com)
#
# 1) Install binary as described in no-ip.com's source file (assuming results in /usr/local/bin)
# 2) Run sudo /usr/local/bin/noip2 -C to generate configuration file
# 3) Copy this file noip2.service to /etc/systemd/system/
# 4) Execute `sudo systemctl daemon-reload`
# 5) Execute `sudo systemctl enable noip2`
# 6) Execute `sudo systemctl start noip2`
@vgg-dev
vgg-dev / helpful-urls
Last active May 15, 2020 18:07
Helpful URLs:
https://www.digitalocean.com/community/questions/self-hosted-ngrok-or-serveo-alternative
https://www.everythingcli.org/
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
@vgg-dev
vgg-dev / gist:5a899b6ef6bf0f20a0a0cbd665fcd098
Last active July 20, 2023 18:37
List all AD users without SCRIL flag
dsquery * -filter "(&(ObjectCategory=Person)(ObjectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=262144))" -attr userPrincipalName distinguishedName description -limit 0
Get-ADGroup "Domain Admins" | Select-Object DistinguishedName
Get-ADUser -LDAPfilter "(&(ObjectCategory=Person)(ObjectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=262144)(memberOf:1.2.840.113556.1.4.1941:=CN=Domain Admins,CN=Users,DC=homelab,DC=local))" | Export-Csv -Path <filename>
dsquery * -filter "(&(ObjectCategory=Person)(ObjectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=262144)(memberOf:1.2.840.113556.1.4.1941:=CN=Domain Admins,CN=Users,DC=homelab,DC=local))" -attr userPrincipalName distinguishedName description -limit 0
Get-ADUser -LDAPfilter "(&(ObjectCategory=Person)(ObjectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=262144)(memberOf:1.2.840.113556.1.4.1941:=CN=Domain Admins,CN=Users,DC=homelab,DC=local))" -Properties * | Export-csv -NoTypeInformation -Path <filename>
Get-ADUser -LDAPfilte