Posts

Showing posts from May, 2023

Atomic Red Team Testing with Bluespawn

In this lab we will be using BlueSpawn as a stand-in for an EDR system. Full EDR products such as Cylance, Symantec and CrowdStrike are expensive and rarely show up in classes like this. BlueSpawn monitors the system for suspicious behaviour and logs it when it occurs. We will start BlueSpawn and then run Atomic Red Team tests to trigger a batch of alerts.

First, disable Defender's real-time protection. Run the following from an Administrator PowerShell prompt:

Set-MpPreference -DisableRealtimeMonitoring $true

This disables Defender's real-time monitoring for this session. If you get angry red errors, that is OK: it means Defender is not running. Note that if Tamper Protection is enabled the command is silently ignored and Defender will keep quarantining the Atomic Red Team payloads, so check Get-MpComputerStatus before continuing.

Open a Terminal as Administrator, then open a Command Prompt. Change directory to tools and start BlueSpawn in monitor mode:

C:\Users\adhd>cd \tools
C:\tools>BLUESPAWN-client-x64.exe --monitor --level Cursory

Now use Atomic Red Team to test the monitoring with BlueSpawn: Firs...

IPv6 DNS take-over via mitm6 - compromising IPv4 networks via IPv6

Compromising IPv4 networks via IPv6. While IPv6 adoption is gaining traction, company networks that use IPv6 internally are still rare. However, most companies are unaware that even where IPv6 is not actively used, every Windows version since Windows Vista (including the server variants) has IPv6 enabled and prefers it over IPv4. In this write-up we explore an attack that abuses the default IPv6 configuration of Windows networks: the attacker answers the clients' DHCPv6 requests, becomes their DNS server, spoofs DNS replies and redirects traffic to an attacker-specified endpoint or relay. Relaying the captured authentication to the domain controller can give control over the domain: dumping the NTLM hashes from ntds.dit, creating users, adding a user to a privileged group such as Enterprise Admins, and so on. The ntds.dit file is the Active Directory database that stores user objects, groups and group memberships, and the password hashes of all users in the domain. This attack attempts a DNS takeover in a network via IPv6 using...

How to install mitm6

What is mitm6? mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attacker's host as the default DNS server. As DNS server, mitm6 selectively replies to DNS queries of the attacker's choosing and redirects the victims' traffic to the attacker machine instead of the legitimate server. Reference: https://github.com/dirkjanm/mitm6

Dependencies and installation. mitm6 is compatible with both Python 2.7 and 3.x. You can install the requirements for your version with "pip install -r requirements.txt". In my case I had to use pip3 instead of pip, i.e. "pip3 install -r requirements.txt", as "pip install -r requirements.txt" did not work for me. (On a current Kali the system pip may also refuse to install into the system Python; creating a virtual environment with python3 -m venv and installing there avoids that.) To start, clone the repository from GitHub (search for "github mitm6" if you do not have the URL to hand):

┌──(root㉿kali)-[/opt]
└─# git clone https://github.com/dirkjanm/mitm6.git

Depende...
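Both the IPv6 DNS take-over write-up above and the "What is mitm6?" description rest on the same wire-level fact: a Windows host that prefers IPv6 sends a DHCPv6 Solicit, and whoever answers it with an Advertise/Reply carrying a DNS server option becomes that host's resolver. The script below is an added example written for this page (it is not code from either post, nor from the mitm6 project): it builds a constructed Solicit, a mitm6-style Advertise that leases a link-local address and points DNS at the attacker, and a legitimate Reply, then parses them and flags any Advertise/Reply that pushes a DNS server outside an allowlist. The DUIDs, the victim and attacker addresses (fe80::aaaa, fe80::1337) and the legitimate server 2001:db8::53 are placeholders chosen for the example.

```python
"""DHCPv6 on the wire: a mitm6-style takeover reply and a check that flags it.
Added example for this page; not code from the posts or from mitm6.

RFC 8415 message: 1-byte msg-type, 3-byte transaction id, then TLV options
(2-byte code, 2-byte length, value). Codes used: 1 CLIENTID, 2 SERVERID,
3 IA_NA, 5 IAADDR (inside IA_NA), 6 ORO, 23 DNS_SERVERS (16-byte addresses).
All packets, DUIDs and addresses below are constructed placeholders.
"""
import ipaddress
import struct

SOLICIT, ADVERTISE, REPLY = 1, 2, 7
OPT_CLIENTID, OPT_SERVERID, OPT_IA_NA, OPT_IAADDR, OPT_ORO, OPT_DNS_SERVERS = 1, 2, 3, 5, 6, 23


def build_option(code, value):
    """Encode one TLV option."""
    return struct.pack("!HH", code, len(value)) + value


def build_dhcpv6(msg_type, xid, options):
    """Encode a DHCPv6 message from a type, transaction id and option list."""
    return bytes([msg_type]) + xid.to_bytes(3, "big") + b"".join(options)


def ia_na_with_addr(iaid, addr16, t1=200, t2=250, lifetime=300):
    """IA_NA (IAID, T1, T2) carrying one IAADDR (address, preferred, valid)."""
    iaaddr = build_option(OPT_IAADDR, addr16 + struct.pack("!II", lifetime, lifetime))
    return build_option(OPT_IA_NA, struct.pack("!III", iaid, t1, t2) + iaaddr)


def parse_options(data):
    """Yield (code, value) pairs; reject truncated or over-long options."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, pos)
        pos += 4
        if len(data) - pos < length:
            raise ValueError("option length runs past end of message")
        yield code, data[pos:pos + length]
        pos += length


def parse_dhcpv6(packet):
    """Return (msg_type, transaction_id, [(code, value), ...])."""
    if len(packet) < 4:
        raise ValueError("too short for a DHCPv6 message")
    return packet[0], int.from_bytes(packet[1:4], "big"), list(parse_options(packet[4:]))


def dns_servers(options):
    """All IPv6 addresses carried in DNS_SERVERS options."""
    addrs = []
    for code, value in options:
        if code == OPT_DNS_SERVERS:
            if len(value) % 16:
                raise ValueError("DNS_SERVERS option is not a list of 16-byte addresses")
            addrs += [ipaddress.IPv6Address(value[i:i + 16]) for i in range(0, len(value), 16)]
    return addrs


def rogue_dns_pushed(packet, allowed_dns):
    """True if an Advertise/Reply hands the client a DNS server not on the
    allowlist. A link-local (fe80::/10) resolver is flagged unconditionally:
    that is what mitm6 hands out, and on an IPv4-only network no DHCPv6
    server should be answering at all."""
    msg_type, _, options = parse_dhcpv6(packet)
    if msg_type not in (ADVERTISE, REPLY):
        return False
    allowed = {ipaddress.IPv6Address(a) for a in allowed_dns}
    return any(a.is_link_local or a not in allowed for a in dns_servers(options))


# --- constructed sample traffic (placeholders, not a capture) ---
VICTIM_DUID = bytes.fromhex("000100012a3b4c5d0011223344aa")
ATTACKER_DUID = bytes.fromhex("000300010cc47ac3c0c0")
VICTIM_LL = ipaddress.IPv6Address("fe80::aaaa").packed
ATTACKER_LL = ipaddress.IPv6Address("fe80::1337").packed  # assumed attacker address
XID, IAID = 0x123456, 0x0E001122

# What a Windows host sends on link-up: a Solicit asking (ORO) for DNS servers.
VICTIM_SOLICIT = build_dhcpv6(SOLICIT, XID, [
    build_option(OPT_CLIENTID, VICTIM_DUID),
    build_option(OPT_IA_NA, struct.pack("!III", IAID, 0, 0)),
    build_option(OPT_ORO, struct.pack("!HH", OPT_DNS_SERVERS, 24)),  # 24 = DOMAIN_LIST
])

# A mitm6-style answer: leases a link-local address, names the attacker as DNS server.
MITM6_ADVERTISE = build_dhcpv6(ADVERTISE, XID, [
    build_option(OPT_CLIENTID, VICTIM_DUID),
    build_option(OPT_SERVERID, ATTACKER_DUID),
    ia_na_with_addr(IAID, VICTIM_LL),
    build_option(OPT_DNS_SERVERS, ATTACKER_LL),
])

# A legitimate Reply from a real DHCPv6 server on a network that does run IPv6.
LEGIT_REPLY = build_dhcpv6(REPLY, XID, [
    build_option(OPT_CLIENTID, VICTIM_DUID),
    build_option(OPT_SERVERID, bytes.fromhex("0003000100aabbccddee")),
    ia_na_with_addr(IAID, ipaddress.IPv6Address("2001:db8:1::100").packed),
    build_option(OPT_DNS_SERVERS, ipaddress.IPv6Address("2001:db8::53").packed),
])

if __name__ == "__main__":
    for name, pkt in [("solicit", VICTIM_SOLICIT), ("mitm6", MITM6_ADVERTISE), ("legit", LEGIT_REPLY)]:
        print(name, "rogue DNS pushed:", rogue_dns_pushed(pkt, ["2001:db8::53"]))
```

The same parser can be pointed at UDP payloads captured on port 546 (client) and 547 (server) to watch for the takeover from the blue side; the decisive signal is any Advertise or Reply on a network that has no sanctioned DHCPv6 server, and a link-local address in the DNS_SERVERS option is the mitm6 fingerprint.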