🇷🇴 cristi
Dec 5, 2022
5 PRO tips to use in your enumeration for Active Directory pentesting:

(thread)
1. Leverage LDAP queries and enumeration tools such as ADRecon and BloodHound to gather as much information as possible about the Active Directory environment, including user accounts, group memberships, and access rights.
2. Look for common misconfigurations, such as weak passwords and unsecured administrative accounts, as well as access controls that allow users to elevate their privileges or access sensitive data.
3. Use Kerberos enumeration techniques, such as AS-REP Roasting and golden tickets, to bypass authentication controls and gain access to the domain controller.
4. Once you're inside the network, use Mimikatz to extract passwords and other sensitive information from memory, providing access to otherwise secure resources.
5. Use trust relationships to move laterally within the network, without having to compromise additional accounts or exploit vulnerabilities.

#infosec #cybersecurity #pentesting #cybersecuritytips

Like, RT, and follow me @CristiVlad25 for more.
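For defenders, the misconfigurations that tips 2 and 3 look for are visible in each account's `userAccountControl` attribute. The following is an added example, not part of the original thread: a Python audit over an LDIF export, where the sample entries, account names, domain and the `parse_ldif`/`audit` helpers are constructed for illustration.

```python
# Added example (not from the thread): audit userAccountControl bits in an LDIF export.
ACCOUNTDISABLE = 0x0002
RISKY_FLAGS = {  # Microsoft's documented userAccountControl bit values
    0x0020: "PASSWD_NOTREQD: empty password allowed",
    0x10000: "DONT_EXPIRE_PASSWORD: password never expires",
    0x80000: "TRUSTED_FOR_DELEGATION: unconstrained delegation",
    0x400000: "DONT_REQ_PREAUTH: Kerberos pre-auth disabled (AS-REP roastable)",
}

# Constructed sample export; accounts and domain are placeholders.
SAMPLE_LDIF = """\
dn: CN=svc-backup,OU=Service,DC=example,DC=test
sAMAccountName: svc-backup
userAccountControl: 4260352
adminCount: 1

dn: CN=jdoe,OU=Staff,DC=example,DC=test
sAMAccountName: jdoe
userAccountControl: 512

dn: CN=old-kiosk,OU=Staff,DC=example,DC=test
sAMAccountName: old-kiosk
userAccountControl: 4194850
"""

def parse_ldif(text):
    """Yield one dict per entry, keeping the first plain-text value of each attribute."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep and not name.endswith(":") and not name.startswith("#"):
                entry.setdefault(name, value.strip())
        if entry:
            yield entry

def audit(text, include_disabled=False):
    """Return [(account, privileged, findings)], privileged accounts first."""
    results = []
    for e in parse_ldif(text):
        raw = e.get("userAccountControl", "")
        uac = int(raw) if raw.isdigit() else 0
        if not uac or (uac & ACCOUNTDISABLE and not include_disabled):
            continue  # no UAC value, or a disabled account (lower priority)
        findings = [msg for bit, msg in RISKY_FLAGS.items() if uac & bit]
        if findings:
            results.append((e.get("sAMAccountName", "?"), e.get("adminCount") == "1", findings))
    return sorted(results, key=lambda r: not r[1])
```

Calling `audit(SAMPLE_LDIF)` returns only `svc-backup`, flagged as privileged with a non-expiring password and pre-authentication disabled; pass `include_disabled=True` to also review disabled accounts such as `old-kiosk`.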
