all InfoSec news
ShadowSpray - A Tool To Spray Shadow Credentials Across An Entire Domain In Hopes Of Abusing Long Forgotten GenericWrite/GenericAll DACLs Over Other Objects In The Domain
May 15, 2023, 12:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.
Why this tool
In a lot of engagements I see (in BloodHound) that the group "Everyone" / "Authenticated Users" / "Domain Users" or some other wide group, which contains almost all the users in the domain, has some GenericWrite/GenericAll DACLs over other objects in the domain.
These rights can be abused to add Shadow Credentials …
abusing credentials domain shadow shadowspray spray stealth synchronization tool
More from www.kitploit.com / KitPloit - PenTest Tools!
Radamsa - A General-Purpose Fuzzer
3 days, 9 hours ago |
www.kitploit.com
Sr2T - Converts Scanning Reports To A Tabular Format
5 days, 9 hours ago |
www.kitploit.com
Jobs in InfoSec / Cybersecurity
Information Technology Specialist II: Network Architect
@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
Technical Writer Cybersecurity (Clearance Required)
@ ICF | Virginia Client Office (VA88)
Threat Management & Intelligence Expert (m/f/d)
@ METRO/MAKRO | Düsseldorf, Germany
IT Security Manager
@ Deutsche Telekom IT Solutions Slovakia | Košice, Slovakia (Slovak Republic)