- psloggedon.exe
- netview.exe
- pvefindaduser.exe
- netsess.exe
- nmap -sU -sS --script smb-enum-sessions.nse --script-args 'smbuser=test,smbpass=test' -p U:137,T:139
- Invoke-UserHunter / Invoke-StealthUserHunter
- Invoke-UserEventHunter
- PowerSploit
- https://www.slideshare.net/harmj0y/i-hunt-sys-admins
- http://www.harmj0y.net/blog/penetesting/i-hunt-sysadmins/
- samr
- https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
- https://www.youtube.com/watch?v=CSdJ_-PhauI
- https://www.blackhat.com/docs/us-16/materials/us-16-Beery-The-Remote-Malicious-Butler-Did-It-wp.pdf
- https://digitalguardian.com/resources/data-security-knowledge-base/endpoint-detection-and-response-edr
- http://www.cybersecuritydocket.com/2015/10/16/edr-tool-review-carbon-black/
- https://www.tufin.com/
- https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
- https://pastebin.com/raw/0SNSvyjJ
- https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf
- https://docs.microsoft.com/ru-ru/enterprise-mobility-security/solutions/ata-attack-simulation-playbook
- https://blog.netspi.com/5-ways-to-find-systems-running-domain-admin-processes/
- https://github.com/BloodHoundAD/BloodHound/wiki/Data-Collection-Intro
- https://wald0.com/?p=112
- https://blog.stealthbits.com/local-admin-mapping-bloodhound
- https://blog.stealthbits.com/attacks-that-exploit-active-directory-permissions-and-how-to-protect-against-them/
- https://blog.stealthbits.com/exploiting-weak-active-directory-permissions-with-powersploit/
- https://blog.stealthbits.com/attacking-active-directory-permissions-with-bloodhound/
- https://adsecurity.org/?p=3658