Explore tweets tagged as #netexec
Active Directory Pentesting Using Netexec Tool: A Complete Guide. #infosec #cybersecurity #cybersecuritytips #microsoft #redteam #informationsecurity #CyberSec #ai #offensivesecurity #infosecurity #cyberattacks #security #oscp #cybersecurityawareness
6
134
465
NetExec v1.4.0 has been released! 🎉. There is a HUGE number of new features and improvements, including:.- backup_operator: Automatic priv esc for backup operators.- Certificate authentication.- NFS escape to root file system. And much more!.Full rundown:.
9
247
796
What do you do if you have compromised a server administrator? Hunt for domain admins🏹. This is what NetExec's latest module "presence" does. It checks for DAs in:.- C:\Users folder.- Processes.- Scheduled Tasks. All done with native Windows protocols. Made by crosscutsaw and me
3
109
430
Did you know that you can kerberoast without any valid credentials? All you need is an account that is ASREProastable. This allows you to request service tickets for any account with a set SPN🔥. NetExec now has a native implementation of this technique, thanks to Azox
7
116
471
How to find the Entra ID sync server - A new NetExec module🔎. Inspired by the great Entra ID talks at #Troopers25, I looked into how to find the Entra ID sync server. Results: The description of the MSOL account, as well as the ADSyncMSA service account reference this server🚀
10
131
452
Based on the research of Akamai, I made a new module on netexec to find every principal that can perform a BadSuccessor attack and the OUs where it holds the required permissions 🔥.
🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability.It allows compromising any user in AD, it works with the default config, and. Microsoft currently won't fix it 🤷♂️.Read Here -
4
120
429
A new module has been merged into NetExec: change-password🔥. Accounts with STATUS_PASSWORD_EXPIRED aren't a problem anymore, just reset their password. You can also abuse ForceChangePassword to reset another user's password. Made by @kriyosthearcane, @mehmetcanterman and me
3
118
414
NetExec now has native checks for LDAP signing and channel binding capabilities of the target DC, thanks to the implementation of @_zblurx 🚀. I also fixed querying LDAP with non-ASCII characters, so you can finally query groups such as "Dämonen-Administratoren"🎉
7
81
364
#OSCP Feast Network Pwned. This gave me deep insight into AWS enumeration and exploiting poorly secured S3 buckets. Active Directory was EZPZ using just BloodHound, NetExec, net rpc, and Evil-WinRM.
2
5
40
Finally, two new options by @Defte_ got merged into NetExec🔥. --qwinsta: Enumerate active sessions on the target, including numerous useful information.--tasklist: Well. enumerates all running tasks on the host. Update & enjoy the new reconnaissance flags🔎
5
74
290
New feature in #NetExec : S4U2Self and S4U2Proxy support and automation with --delegate and --self. It allows you to abuse KCD with protocol transition and RBCD automatically in NetExec, and use directly all the postex functionalities 🔥. For example with RBCD:
5
94
320
A new NetExec module just got merged: eventlog_creds🔥. It parses Windows Event ID 4688 logs (from "Audit Process Creation") to extract credentials from CMD and PowerShell commands. E.g. "net user username password /add" will be detected. Made by @lodos2005
4
81
431
Ejemplo de como funciona un ataque Pass-The-Hash en entornos Windows, de tal forma que podremos autenticarnos con un usuario utilizando su hash en lugar de su contraseña. #activedirectory #ciberseguridad #kalilinux #windows #informatica #netexec #impacket #crackmapexec #dominio
0
83
448
Samba, by Andrew Tridgell, is only 32 years old. Xi was 40 and she was 11 when that happened. CVE-2025-33073 is easily demonstrated for Ms Simiao by Minnesota State Senator Eric Lucero (R-Saint Michael). Ivanka got over IT eventually but the rest of us might be netexec’d. #vss365
0
0
2
