Initial Access Tactics, techniques and procedures: Difference between revisions
Jump to navigation
Jump to search
(Created page with "=== Phishing === * https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html * https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165 * https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55 * https://www.xanthus.io/mastering-the-simulated-phishing-attack * https://github.com/Arno0x/EmbedInHTML * https://github.com/L4bF0x/PhishingPretexts * http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishin...") |
No edit summary |
||
| Line 16: | Line 16: | ||
* https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/ | * https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/ | ||
=== Password | === Password Attacks === | ||
* https://github.com/ | In our engagements we will try many things to gain an initial foothold, however it's best to try all the low hanging fruits before diving deep into a full social engineering and penetration testing engagement. | ||
* https:// | |||
* https://github.com/ | Groups like [https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ Lapsus$] show's the world that you don't need to be a great technical hacker to pwn massive corporations and if common password and multi-factor authentication (MFA) attacks work on the likes of [https://en.wikipedia.org/wiki/Lapsus$ Uber, Rockstar games, Okta and so on] then they will work on our hacktivist targets! | ||
* https://github.com/ | |||
If your target uses multi-factor authentication you can try either [https://www.forbes.com/sites/daveywinder/2022/09/18/has-uber-been-hacked-company-investigates-cybersecurity-incident-as-law-enforcement-alerted social engineering] or MFA fatigue. | |||
=== username creation based on recon/osint === | |||
* https://github.com/Mebus/cupp [Free] | |||
* https://github.com/digininja/RSMangler [Free] | |||
* https://github.com/sc0tfree/mentalist [Free] | |||
* https://github.com/urbanadventurer/username-anarchy [Free] | |||
=== Passwords === | |||
* https://github.com/danielmiessler/SecLists/tree/master/Passwords [Free] | |||
* https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt [Free] | |||
=== password cracking tools === | |||
* https://www.kali.org/tools/ncrack/ [Free] | |||
* https://www.kali.org/tools/wfuzz/ [Free] | |||
* https://www.kali.org/tools/medusa/ [Free] | |||
* https://www.kali.org/tools/patator/ [Free] | |||
* https://www.kali.org/tools/hydra/ [Free] | |||
* https://www.kali.org/tools/brutespray/ [Free] | |||
=== Searching leaks === | |||
* https://github.com/khast3x/h8mail [Free but includes paid for services] | |||
=== Services === | |||
Please note: DO NOT use intelx[.]io as they have been seen doxing hackers in the past and block the use of VPNs, proxies and Tor. AVOID! | |||
* https://haveibeenpwned.com/ [Free] | |||
* https://haveibeenpwned.com/Pastes [Free] | |||
* https://github.com/vysecurity/LinkedInt | |||
* https://leak-lookup.com/ [Paid. Accepts crypto (XMR & BTC)] | |||
=== Buying Access === | === Buying Access === | ||
* https://genesis.market/ | You can use the genesis market to purchase credentials stolen from targets through the use of info stealer malware. Search your target here to see if you can make a quick win gaining access to an admin account. Any account that allows internal access is always a great start. Invites can be found on forums and markets. | ||
* https://genesis.market/guest/login/index [Paid] | |||
=== Password spraying === | |||
* https://github.com/dafthack/MSOLSpray [Free] | |||
* https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/ [Free] | |||
* https://github.com/blacklanternsecurity/TREVORspray [Free] | |||
=== CVE POCs === | === CVE POCs === | ||
* https://github.com/nomi-sec/PoC-in-GitHub | * https://github.com/nomi-sec/PoC-in-GitHub | ||
Revision as of 22:29, 2 April 2023
Phishing
- https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
- https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165
- https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
- https://www.xanthus.io/mastering-the-simulated-phishing-attack
- https://github.com/Arno0x/EmbedInHTML
- https://github.com/L4bF0x/PhishingPretexts
- http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishing.html
- https://book.hacktricks.xyz/phishing-methodology
- https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective
- https://delta.navisec.io/a-pentesters-guide-part-4-grabbing-hashes-and-forging-external-footholds/
- https://www.rootshellsecurity.net/ntlm_theft-a-tool-for-file-based-forced-ntlm-hash-disclosure/
- https://getgophish.com/ Be sure to remove the identifying headers gophish adds
- https://github.com/curtbraz/PhishAPI
- https://github.com/edoverflow/can-i-take-over-xyz
- https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
Password Attacks
In our engagements we will try many things to gain an initial foothold, however it's best to try all the low hanging fruits before diving deep into a full social engineering and penetration testing engagement.
Groups like Lapsus$ show's the world that you don't need to be a great technical hacker to pwn massive corporations and if common password and multi-factor authentication (MFA) attacks work on the likes of Uber, Rockstar games, Okta and so on then they will work on our hacktivist targets!
If your target uses multi-factor authentication you can try either social engineering or MFA fatigue.
username creation based on recon/osint
- https://github.com/Mebus/cupp [Free]
- https://github.com/digininja/RSMangler [Free]
- https://github.com/sc0tfree/mentalist [Free]
- https://github.com/urbanadventurer/username-anarchy [Free]
Passwords
- https://github.com/danielmiessler/SecLists/tree/master/Passwords [Free]
- https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt [Free]
password cracking tools
- https://www.kali.org/tools/ncrack/ [Free]
- https://www.kali.org/tools/wfuzz/ [Free]
- https://www.kali.org/tools/medusa/ [Free]
- https://www.kali.org/tools/patator/ [Free]
- https://www.kali.org/tools/hydra/ [Free]
- https://www.kali.org/tools/brutespray/ [Free]
Searching leaks
- https://github.com/khast3x/h8mail [Free but includes paid for services]
Services
Please note: DO NOT use intelx[.]io as they have been seen doxing hackers in the past and block the use of VPNs, proxies and Tor. AVOID!
- https://haveibeenpwned.com/ [Free]
- https://haveibeenpwned.com/Pastes [Free]
- https://github.com/vysecurity/LinkedInt
- https://leak-lookup.com/ [Paid. Accepts crypto (XMR & BTC)]
Buying Access
You can use the genesis market to purchase credentials stolen from targets through the use of info stealer malware. Search your target here to see if you can make a quick win gaining access to an admin account. Any account that allows internal access is always a great start. Invites can be found on forums and markets.
Password spraying
- https://github.com/dafthack/MSOLSpray [Free]
- https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/ [Free]
- https://github.com/blacklanternsecurity/TREVORspray [Free]