automation

Links:

• LaZagne

• snaffler

Search for email address

• https://github.com/dafthack/MailSniper

Dump all type of credentials

.\LaZagne.exe all

.\snaffler.exe -d <domain> -s -v data

Windows Enumeration scripts

Sherlock

Set-ExecutionPolicy bypass -Scope process

Import-Module .\Sherlock.ps1

Find-AllVulns

Windows-Exploit-Suggester

Install python dependencies (local VM only)

sudo wget https://files.pythonhosted.org/packages/28/84/27df240f3f8f52511965979aad7c7b77606f8fe41d4c90f2449e02172bb1/setuptools-2.0.tar.gz

sudo tar -xf setuptools-2.0.tar.gz

cd setuptools-2.0 && sudo python2.7 setup.py install

sudo wget https://files.pythonhosted.org/packages/42/85/25caf967c2d496067489e0bb32df069a8361e1fd96a7e9f35408e56b3aab/xlrd-1.0.0.tar.gz

sudo tar -xf xlrd-1.0.0.tar.gz

cd xlrd-1.0.0 && sudo python2.7 setup.py install

Gather systeminfo command output

systeminfo > sysinfo.txt 

Run exploit suggester

sudo python2.7 windows-exploit-suggester.py --update #(database update)

python2.7 windows-exploit-suggester.py  --database 2021-05-13-mssb.xls --systeminfo win7lpe-systeminfo.txt

---

Automation tools

PrivEsc checklists:

• checklist-windows-privilege-escalation

• Windows Privilege Escalation.md

Enumeration Scripts:

• windownPrivEsc.exe

• Sherlock

• watson

• https://github.com/GhostPack/Seatbelt

• https://github.com/411Hall/JAWS

• WinEnum/WinEnum.bat at master · neox41/WinEnum · GitHub

• https://github.com/ohpe/juicy-potato

Framework:

• privilege-escalation-awesome-scripts-suite (PEASS)

---

Prevention

Secure clean os installation

Customize a windows os according to your need. Tools such as system center configuration manager, SCCM and WDS can be handy.

Updates and patching

You can setup WSUS(windows server update service) server within your environment, so that each computer is not reaching to update them individually.

Configuration management

User management

Audit

There are many security standards such as DiSA Security Technical Implementation Guides or Microsoft's security-compliance-toolkit, ISO27001, PCI-DSS, HIPPA.

Logging

Sysmon

It is a tool built by microsoft and included in the sysinternals suite that enhances the logging and event collection capabilities in windows.

Network and host logs

Tools like packetbeat, IDS/IPS implementation such as security onion sensors, and other network monitoring solutions can help complete the picture for your administrators.