by Ric | Jul 25, 2020 | Azure tools, Cloud, Herramientas / tools
ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool. ROADlib is a library that can be used to authenticate with Azure AD or to build tools that integrate with a database...
by Ric | Jul 14, 2020 | Azure tools, Cloud, Herramientas / tools
Stormspotter creates an “attack graph” of the resources in an Azure subscription. It enables red teams and pentesters to visualize the attack surface and pivot opportunities within a tenant, and supercharges your defenders to quickly orient and prioritize incident...
by Ric | Jul 12, 2020 | Azure tools, Blog, Cloud, Herramientas / tools
MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is intended to be used during penetration tests where Azure is in use. A collection of scripts...
by Ric | Jul 5, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
CloudGoat is Rhino Security Labs’ “Vulnerable by Design” AWS deployment tool. It allows you to hone your cloud cybersecurity skills by creating and...
by Ric | Jul 4, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current...
by Ric | Jul 1, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
FireProx: Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required...
by Ric | Jun 30, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
Note: many of these options are insecure. The point of this video is to show how easy it is to run a virtual machine on Amazon. Another note: you can add a Pi-hole to it to make it...
by Ric | Jun 26, 2020 | AWS tools, Cloud, Herramientas / tools
From the creators of Pacu, here is a blog post describing the 21 privilege escalation methods they use: https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
by Ric | Jun 18, 2020 | Blog, Herramientas / tools
Honestly, I don't know why, but hacker culture is closely tied to lock picking culture. I have had the chance to try it at a few conventions and it is very interesting. Lately I have really enjoyed watching Deviant Ollam's videos. This one in particular is good:...
by Ric | Jun 18, 2020 | AWS tools, Azure tools, Cloud, Herramientas / tools
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather...
by Ric | Jun 14, 2020 | Azure tools, Blog, Cloud, Herramientas / tools
With Azure you can build your C code, for example https://github.com/GhostPack/SharpUp, without installing Windows: Use a pipeline to automatically build and test your .NET Core projects. Learn how to: Set up your build environment with Microsoft-hosted or self-hosted agents....
by Ric | Jun 3, 2020 | Azure tools, Blog, Herramientas / tools
While I was working on the Azure 500, I found that they explicitly recommend some CIS baselines. They tell you how to check them and even explain them: https://docs.microsoft.com/en-us/learn/modules/create-security-baselines/ The domains are: Create a platform security...
by Ric | May 20, 2020 | Blog, Herramientas / tools
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by...
by Ric | May 19, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
This GitHub repo https://github.com/nagwww/s3-leaks has a list of famous S3 leaks. For example:
by Ric | May 16, 2020 | Blog, Herramientas / tools
If you work a lot in the terminal, you will find that it falls short on many utilities. That is why in earlier posts I recommended installing tmux or terminator, but you can go a step further and install a new shell. If you install trash, z and Zsh your life will change, I promise 🙂...
by Ric | May 14, 2020 | Blog, Herramientas / tools
Hi, today I was doing password analysis and ran into the problem that hashcat says it cracked them but they come out as: $HEX[6f6c6468e16c65] To turn that ugly thing into something readable, all you need is: perl -ne 'if ($_ =~ m/\$HEX\[([A-Fa-f0-9]+)\]/)...
by Ric | May 5, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
Prowler is a command line tool for AWS security best practices assessment, auditing, hardening and forensics readiness. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has 40 additional checks including related to GDPR...
by Ric | Apr 19, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
This is a search engine that shows you S3 files and buckets, and it is incredible. https://buckets.grayhatwarfare.com/ For example, if you search for Femsa (one of the companies that own Coca-Cola in Mexico) you can see some of its buckets. ...
by Ric | Apr 18, 2020 | Blog, Herramientas / tools, OSCP
Last week I had to work with an old Windows machine. It had no PowerShell and, for reasons, I couldn't use meterpreter either. What are you left with when you have to transfer files? The logical choice is wget.exe, but then how do you get wget.exe over there? A hand-written script,...
by Ric | Mar 31, 2020 | Blog, Herramientas / tools, News, OSCP
April 02, 2020 05:00 PM Europe/Amsterdam After the success of our first webinar we are pleased to announce that Cyber Security Talks is back! Due to the Corona Outbreak we have decided to bring our knowledge sharing sessions straight to your living room! Over the...
by Ric | Mar 26, 2020 | Blog, Cloud, Herramientas / tools
What is Peirates? Peirates is a penetration testing tool for Kubernetes, focused on privilege escalation and lateral movement. It has an interactive interface, wherein the penetration tester chooses actions from the techniques that Peirates encodes. Some of the...
by Ric | Mar 26, 2020 | Blog, Herramientas / tools
At its core, Inveigh is a .NET packet sniffer that listens for and responds to LLMNR/mDNS/NBNS/DNS requests while also capturing incoming NTLMv1/NTLMv2 authentication attempts over the Windows SMB service. The primary advantage of this packet sniffing method on...
by Ric | Mar 12, 2020 | AWS tools, Blog, Cloud, Herramientas / tools
After testing in AWS you may be left with a lot of things that can end up costing you. To avoid that you can use cloud-nuke. This repo contains a CLI tool to delete all resources in an AWS account. cloud-nuke was created for situations when you might...
by Ric | Jan 19, 2020 | Blog, Herramientas / tools, OSCP
We are going to look at three methods for privilege escalation on Windows. 1.- When we have permission to write to a folder containing a service that starts automatically, or that we can restart, or that we can DoS so that Windows restarts it automatically 2.-...
by Ric | Jan 16, 2020 | Blog, Herramientas / tools, OSCP
Until now on my blog I had limited myself to using Nishang mostly as a reverse shell, but I am realizing that it has more uses. One example is Get-Information, which automatically extracts: Powershell environment: Putty trusted hosts: Putty saved sessions:...