The description for BadBlood states:  "It is a security tool for Active Directory. Run BadBlood on a domain so that security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory.  Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different."

I think that pretty much sums it up. The point is that we don't often get to work on large test environments, and this creates large, unique environments that we can use to hone our craft.


There are a number of tools used for obfuscating PowerShell, and one of the more famous, Invoke-Obfuscation, I've written about a few times.  But with PowerShell logging becoming more popular, I wonder why bother to obfuscate.  As far as I can tell, it no longer helps with evasion, and if it's not captured in some form, what's the point?

To see what I'm talking about, we need to enable logging and script block logging:


The definition states:  "Crunch is a wordlist generator where you can specify a standard character set or a character set you specify.  Crunch can generate all possible combinations and permutations."

Crunch is useful for generating wordlists, and it's especially useful when you want to generate wordlists with patterns.  For example, while setting up Office365 accounts, I let the web mechanism generate passwords.  The standard generated password sets the first character as an uppercase alpha, followed by two lowercase alphas, ending with a five-digit number.


The description states:  "This is a Linux box, running a WINE Application vulnerable to Buffer Overflow, escalation is pretty simple."

As stated, this is an easy buffer overflow problem, assuming you understand the process.  If you want a more detailed walkthrough using a different box, my post on Brainpan goes into greater detail for each step.


The description states:  "CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of 'Living off the Land': abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions."

This is one of those tools that I've used from time to time when another one of my tools wasn't doing what I wanted it to do.  That happened recently, and I decided to make a big cheat sheet with a list of commands.  The following is a subset, the basics, and if you're not familiar with this tool, it might be worth exploring.

