Folder tree update

swisskyrepo · Nov 19, 2023 · 24fe926 · 24fe926
1 parent 1285fd9
commit 24fe926
Show file tree

Hide file tree

Showing 37 changed files with 67 additions and 25 deletions.
diff --git a/docs/pentest/Bind Shell Cheatsheet.md → docs/cheatsheets/bind-shell-cheatsheet.md b/docs/pentest/Bind Shell Cheatsheet.md → docs/cheatsheets/bind-shell-cheatsheet.md
diff --git a/docs/pentest/Escape Breakout.md → docs/cheatsheets/escape-breakout.md b/docs/pentest/Escape Breakout.md → docs/cheatsheets/escape-breakout.md
diff --git a/docs/pentest/Hash Cracking.md → docs/cheatsheets/hash-cracking.md b/docs/pentest/Hash Cracking.md → docs/cheatsheets/hash-cracking.md
diff --git a/docs/redteam/Windows - Mimikatz.md → docs/cheatsheets/mimikatz-cheatsheet.md b/docs/redteam/Windows - Mimikatz.md → docs/cheatsheets/mimikatz-cheatsheet.md
diff --git a/docs/pentest/Miscellaneous - Tricks.md → docs/cheatsheets/miscellaneous-tricks.md b/docs/pentest/Miscellaneous - Tricks.md → docs/cheatsheets/miscellaneous-tricks.md
diff --git a/docs/pentest/MSSQL Server - Cheatsheet.md → docs/cheatsheets/mssql-server-cheatsheet.md b/docs/pentest/MSSQL Server - Cheatsheet.md → docs/cheatsheets/mssql-server-cheatsheet.md
diff --git a/docs/pentest/Network Discovery.md → docs/cheatsheets/network-discovery.md b/docs/pentest/Network Discovery.md → docs/cheatsheets/network-discovery.md
diff --git a/docs/pentest/Powershell - Cheatsheet.md → docs/cheatsheets/powershell-cheatsheet.md b/docs/pentest/Powershell - Cheatsheet.md → docs/cheatsheets/powershell-cheatsheet.md
diff --git a/docs/pentest/Reverse Shell Cheatsheet.md → docs/cheatsheets/reverse-shell-cheatsheet.md b/docs/pentest/Reverse Shell Cheatsheet.md → docs/cheatsheets/reverse-shell-cheatsheet.md
diff --git a/docs/pentest/Source Code Management.md → .../cheatsheets/source-code-management-ci.md b/docs/pentest/Source Code Management.md → .../cheatsheets/source-code-management-ci.md
diff --git a/docs/cloud/azure/azure-access-and-token.md b/docs/cloud/azure/azure-access-and-token.md
@@ -69,21 +69,21 @@ roadtx gettokens --refresh-token <refresh-token> -c 04b07795-8ddb-461a-bbee-02f9
 ```
 
 ```
-scope                                       resource                                                          client                              
-.default                                    04b07795-8ddb-461a-bbee-02f9e1bf7b46                              04b07795-8ddb-461a-bbee-02f9e1bf7b46
-                                            1950a258-227b-4e31-a9cf-717495945fc2                              1950a258-227b-4e31-a9cf-717495945fc2
-                                            https://graph.microsoft.com                                       00b41c95-dab0-4487-9791-b9d2c32c80f2
-                                                                                                              04b07795-8ddb-461a-bbee-02f9e1bf7b46
-                                            https://graph.windows.net                                         00b41c95-dab0-4487-9791-b9d2c32c80f2
-                                                                                                              04b07795-8ddb-461a-bbee-02f9e1bf7b46
-                                            https://outlook.office.com                                        00b41c95-dab0-4487-9791-b9d2c32c80f2
-                                                                                                              04b07795-8ddb-461a-bbee-02f9e1bf7b46
-Files.Read.All                              d3590ed6-52b3-4102-aeff-aad2292ab01c                              d3590ed6-52b3-4102-aeff-aad2292ab01c
-                                            https://graph.microsoft.com                                       d3590ed6-52b3-4102-aeff-aad2292ab01c
-                                            https://outlook.office.com                                        1fec8e78-bce4-4aaf-ab1b-5451cc387264
-Mail.ReadWrite.All                          https://graph.microsoft.com                                       00b41c95-dab0-4487-9791-b9d2c32c80f2
-                                            https://outlook.office.com                                        00b41c95-dab0-4487-9791-b9d2c32c80f2
-                                            https://outlook.office365.com                                     00b41c95-dab0-4487-9791-b9d2c32c80f2
+scope               resource                                client                              
+.default            04b07795-8ddb-461a-bbee-02f9e1bf7b46    04b07795-8ddb-461a-bbee-02f9e1bf7b46
+                    1950a258-227b-4e31-a9cf-717495945fc2    1950a258-227b-4e31-a9cf-717495945fc2
+                    https://graph.microsoft.com             00b41c95-dab0-4487-9791-b9d2c32c80f2
+                                                            04b07795-8ddb-461a-bbee-02f9e1bf7b46
+                    https://graph.windows.net               00b41c95-dab0-4487-9791-b9d2c32c80f2
+                                                            04b07795-8ddb-461a-bbee-02f9e1bf7b46
+                    https://outlook.office.com              00b41c95-dab0-4487-9791-b9d2c32c80f2
+                                                            04b07795-8ddb-461a-bbee-02f9e1bf7b46
+Files.Read.All      d3590ed6-52b3-4102-aeff-aad2292ab01c    d3590ed6-52b3-4102-aeff-aad2292ab01c
+                    https://graph.microsoft.com             3590ed6-52b3-4102-aeff-aad2292ab01c
+                    https://outlook.office.com              1fec8e78-bce4-4aaf-ab1b-5451cc387264
+Mail.ReadWrite.All  https://graph.microsoft.com             00b41c95-dab0-4487-9791-b9d2c32c80f2
+                    https://outlook.office.com              00b41c95-dab0-4487-9791-b9d2c32c80f2
+                    https://outlook.office365.com           00b41c95-dab0-4487-9791-b9d2c32c80f2
 ```
 
 

diff --git a/docs/cloud/azure/azure-devices-users-services.md b/docs/cloud/azure/azure-devices-users-services.md
@@ -11,6 +11,15 @@
 ```ps1
 ```
 
+* Add user to a group
+    ```ps1
+    $groupid = "<group-id>"
+    $targetmember = "<user-id>"
+    $group = Get-MgGroup -GroupId $groupid
+    $members = Get-MgGroupMember -GroupId $groupid
+    New-MgGroupMember -GroupId $groupid -DirectoryObjectid $targetmember
+    ```
+
 
 ## Devices
 

diff --git a/docs/cloud/azure/azure-enumeration.md b/docs/cloud/azure/azure-enumeration.md
@@ -22,10 +22,13 @@ Invoke-AADIntReconAsOutsider -UserName "[email protected]" | Format-Table
     ```
 
 
-## Azure AD - Conditionnal Access
+## Azure AD - Conditionnal Access Policy
 
 Enumerate Conditionnal Access Policies: `roadrecon plugin policies`
 
+
+
+
 ## Azure AD - MFA
 
 * [dafthack/MFASweep](https://github.com/dafthack/MFASweep) - A tool for checking if MFA is enabled on multiple Microsoft Services

diff --git a/docs/cloud/azure/azure-phishing.md b/docs/cloud/azure/azure-phishing.md
@@ -5,10 +5,11 @@
 > The attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. The attacker then tricks an end user into granting consent to the application so that the attacker can gain access to the data that the target user has access to. 
 
 Check if users are allowed to consent to apps: `PS AzureADPreview> (GetAzureADMSAuthorizationPolicy).PermissionGrantPolicyIdsAssignedToDefaultUserRole`
-* **Disable user consent** : Users cannot grant permissions to applications.
-* **Users can consent to apps from verified publishers or your organization, but only for permissions you select** : All users can only consent to apps that were published by a verified publisher and apps that are registered in your tenant
-* **Users can consent to all apps** : allows all users to consent to any permission which doesn't require admin consent,
-* **Custom app consent policy**
+
+* **Disable user consent** : Users cannot grant permissions to applications.   
+* **Users can consent to apps from verified publishers or your organization, but only for permissions you select** : All users can only consent to apps that were published by a verified publisher and apps that are registered in your tenant    
+* **Users can consent to all apps** : allows all users to consent to any permission which doesn't require admin consent.    
+* **Custom app consent policy**   
 
 ### Register Application
 

diff --git a/docs/cloud/azure/azure-services.md b/docs/cloud/azure/azure-services.md
@@ -22,25 +22,54 @@ Runbook must be SAVED and PUBLISHED before running it.
     ```
 
 
+## Microsoft Intune
+
+* LAPS
+    ```ps1
+    #requires -modules Microsoft.Graph.Authentication
+    #requires -modules Microsoft.Graph.Intune
+    #requires -modules LAPS
+    #requires -modules ImportExcel
+
+    $DaysBack = 30
+    Connect-MgGraph
+    Get-IntuneManagedDevice -Filter "Platform eq 'Windows'" |
+        Foreach-Object {Get-LapsAADPassword -DevicesIds $_.DisplayName} |
+            Where-Object {$_.PasswordExpirationTime -lt (Get-Date).AddDays(-$DaysBack)} |
+                Export-Excel -Path "c:\temp\lapsdata.xlsx" - ClearSheet -AutoSize -Show
+    ```
+
+
 ## Office 365
 
-### Extracting Microsoft Teams Messages
+### Microsoft Teams Messages
 
 ```ps1
 TokenTacticsV2> RefreshTo-MSTeamsToken -domain domain.local
 AADInternals> Get-AADIntTeamsMessages -AccessToken $MSTeamsToken.access_token | Format-Table id,content,deletiontime,*type*,DisplayName
 ```
 
 
-## Outlook
+## Outlook Mails
 
-* Read user messages
+* Read user mails
     ```ps1
     Get-MgUserMessage -UserId <user-id> | ft
     Get-MgUserMessageContent -OutFile mail.txt -UserId <user-id> -MessageId <message-id>
     ```
 
+## OneDrive Files
+
+```ps1
+$userId = "<user-id>"
+Import-Module Microsoft.Graph.Files
+Get-MgUserDefaultDrive -UserId $userId
+Get-MgUserDrive -UserId $UserId  -Debug
+Get-MgDrive -top 1
+```
+
 
 ## References
 
-* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
+* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
+* [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview)
diff --git a/...and-control/Cobalt Strike - Cheatsheet.md → docs/command-control/cobalt-strike.md b/...and-control/Cobalt Strike - Cheatsheet.md → docs/command-control/cobalt-strike.md
diff --git a/...ommand-control/Metasploit - Cheatsheet.md → docs/command-control/metasploit.md b/...ommand-control/Metasploit - Cheatsheet.md → docs/command-control/metasploit.md
diff --git a/.../containers/Container - Docker Pentest.md → docs/containers/docker-containers.md b/.../containers/Container - Docker Pentest.md → docs/containers/docker-containers.md
diff --git a/...tainers/Container - Kubernetes Pentest.md → docs/containers/kubernetes-containers.md b/...tainers/Container - Kubernetes Pentest.md → docs/containers/kubernetes-containers.md
diff --git a/...ethodology/Methodology and enumeration.md → docs/methodology/bug-hunting-methodology.md b/...ethodology/Methodology and enumeration.md → docs/methodology/bug-hunting-methodology.md
@@ -1,4 +1,4 @@
-# Bug Hunting Methodology and Enumeration
+# Bug Hunting Methodology
 
 ## Summary
 

diff --git a/docs/methodology/Vulnerability Reports.md → docs/methodology/vulnerability-reports.md b/docs/methodology/Vulnerability Reports.md → docs/methodology/vulnerability-reports.md
diff --git a/docs/pentest/.gitkeep b/docs/pentest/.gitkeep
diff --git a/docs/redteam/attack-surface-enumeration.md → ...team/access/attack-surface-enumeration.md b/docs/redteam/attack-surface-enumeration.md → ...team/access/attack-surface-enumeration.md
diff --git a/docs/redteam/HTML Smuggling.md → docs/redteam/access/html-smuggling.md b/docs/redteam/HTML Smuggling.md → docs/redteam/access/html-smuggling.md
diff --git a/docs/redteam/initial-access.md → docs/redteam/access/initial-access.md b/docs/redteam/initial-access.md → docs/redteam/access/initial-access.md
diff --git a/docs/redteam/Office - Attacks.md → docs/redteam/access/office-attacks.md b/docs/redteam/Office - Attacks.md → docs/redteam/access/office-attacks.md
diff --git a/...redteam/Windows - Download and Execute.md → ...edteam/access/windows-download-execute.md b/...redteam/Windows - Download and Execute.md → ...edteam/access/windows-download-execute.md
diff --git a/docs/redteam/Windows - Using credentials.md → ...dteam/access/windows-using-credentials.md b/docs/redteam/Windows - Using credentials.md → ...dteam/access/windows-using-credentials.md
diff --git a/docs/pentest/Linux - Privilege Escalation.md → .../escalation/linux-privilege-escalation.md b/docs/pentest/Linux - Privilege Escalation.md → .../escalation/linux-privilege-escalation.md
diff --git a/...pentest/Windows - Privilege Escalation.md → ...scalation/windows-privilege-escalation.md b/...pentest/Windows - Privilege Escalation.md → ...scalation/windows-privilege-escalation.md
diff --git a/docs/redteam/Linux - Evasion.md → docs/redteam/evasion/linux-evasion.md b/docs/redteam/Linux - Evasion.md → docs/redteam/evasion/linux-evasion.md
diff --git a/docs/redteam/Windows - AMSI Bypass.md → docs/redteam/evasion/windows-amsi-bypass.md b/docs/redteam/Windows - AMSI Bypass.md → docs/redteam/evasion/windows-amsi-bypass.md
diff --git a/docs/redteam/Windows - Defenses.md → docs/redteam/evasion/windows-defenses.md b/docs/redteam/Windows - Defenses.md → docs/redteam/evasion/windows-defenses.md
diff --git a/docs/redteam/Windows - DPAPI.md → docs/redteam/evasion/windows-dpapi.md b/docs/redteam/Windows - DPAPI.md → docs/redteam/evasion/windows-dpapi.md
diff --git a/docs/redteam/Linux - Persistence.md → .../redteam/persistence/linux-persistence.md b/docs/redteam/Linux - Persistence.md → .../redteam/persistence/linux-persistence.md
diff --git a/docs/redteam/Windows - Persistence.md → ...edteam/persistence/windows-persistence.md b/docs/redteam/Windows - Persistence.md → ...edteam/persistence/windows-persistence.md
diff --git a/docs/pentest/Network Pivoting Techniques.md → ...m/pivoting/network-pivoting-techniques.md b/docs/pentest/Network Pivoting Techniques.md → ...m/pivoting/network-pivoting-techniques.md