9.9. Lateral Movement

9.9.1.

  • adidnsdump Active Directory Integrated DNS dump tool

  • BloodHound Six Degrees of Domain Admin

  • PlumHound Bloodhound for Blue and Purple Teams

  • windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries

  • ldapdomaindump Active Directory information dumper via LDAP

  • Kerberoast a series of tools for attacking MS Kerberos implementations

  • ADRecon Active Directory Recon

  • Creds Some useful Scripts and Executables for Pentest & Forensics

  • Lithnet Password Protection for Active Directory Active Directory password filter featuring breached password checking and custom complexity rules

9.9.2. Containers

  • CDK an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency

9.9.3. Microsoft Product Exploitation

  • LyncSniper A tool for penetration testing Skype for Business and Lync deployments

  • MSOLSpray A password spraying tool for Microsoft Online accounts (Azure/O365)

  • MailSniper MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms

9.9.4. Azure AD

9.9.5. Exchange

9.9.6. PowerShell

9.9.7. Internal Network Information Gathering

  • SharpShares Quick and dirty binary to list network share information from all machines in the current domain and if they’re readable

  • WinShareEnum Windows Share Enumerator

  • HackBrowserData Cross-platform browser data export tool

9.9.8. Kerberos

9.9.9. Automated Auditing

9.9.10. Evasion

  • SysWhispers AV/EDR evasion via direct system calls

  • SysWhispers2 AV/EDR evasion via direct system calls

  • Dumpert LSASS memory dumper using direct system calls and API unhooking

9.9.11. Internal Network Scanning

  • InScan Automated penetration testing tool for use after gaining an initial perimeter foothold

  • fscan A comprehensive internal network scanning tool for convenient one-click, automated, all-round vulnerability scanning.