Boilerplates
BloodHound
To confirm this issue, the testers used an Active Directory cartography and analysis tool called BloodHound (https://github.com/BloodHoundAD/BloodHound). This tool starts by collecting data from the Active Directory instance via LDAP queries and imports this data into a database. The database can then be queried to obtain information on potential misconfigurations.
The testers used the following Cypher query to [...]
Nuclei
To confirm this issue, the testers used Nuclei (https://github.com/projectdiscovery/nuclei), a vulnerability scanner developed by ProjectDiscovery. Nuclei uses predefined templates, or "nuclei signatures", to send targeted requests to web servers and identify security weaknesses and misconfigurations in web applications.
Metasploit Framework
To exploit identified vulnerabilities, the testers utilized the Metasploit Framework (https://github.com/rapid7/metasploit-framework), a versatile penetration testing tool.
NetExec
The testers used NetExec (https://github.com/Pennyw0rth/NetExec), an open-source post-exploitation and penetration testing tool designed to automate a variety of tasks during security assessments. In particular, they used the MODULE_NAME module to identify [...]
rdp-sec-check
To confirm this issue, the testers used rdp-sec-check (https://github.com/CiscoCXSecurity/rdp-sec-check), a script that enumerates the security settings of an RDP service (also known as Terminal Services).
kerbrute
To confirm this issue, the testers used kerbrute (https://github.com/ropnop/kerbrute), a tool to quickly brute-force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.
Responder
To confirm this issue, the testers used Responder (https://github.com/lgandx/Responder), a network protocol poisoner and relay.