ex: SOC2, NIST 800-53, ISO 27001, PCI DSS (credit cards), HITRUST / HIPAA (healthcare), FIPS / FedRAMP (US Gov), GDPR (EU)
ex: AWS, Microsoft Azure, Google GCP, on-prem VMware
ex: AWS EC2 VMs, AWS ECS (Docker), AWS EKS (Kubernetes K8S), Azure VM, Azure AKS (K8S), GCP VM, GCP GKE (K8S)
| c:\windows\system32\microsoft\crypto\rsa\machinekeys | |
| c:\windows\system32\tasks_migrated\microsoft\windows\pla\system | |
| c:\windows\syswow64\tasks\microsoft\windows\pla\system | |
| c:\windows\debug\wia | |
| c:\windows\system32\tasks | |
| c:\windows\syswow64\tasks | |
| c:\windows\tasks | |
| c:\windows\registration\crmlog | |
| c:\windows\system32\com\dmp | |
| c:\windows\system32\fxstmp |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module:
| filter Expand-DefenderAVSignatureDB { | |
| <# | |
| .SYNOPSIS | |
| Decompresses a Windows Defender AV signature database (.VDM file). | |
| .DESCRIPTION | |
| Expand-DefenderAVSignatureDB extracts a Windows Defender AV signature database (.VDM file). This function was developed by reversing mpengine.dll and with the help of Tavis Ormandy and his LoadLibrary project (https://github.com/taviso/loadlibrary). Note: Currently, "scrambled" databases are not supported although, I have yet to encounter a scrambled database. Thus far, all databases I've encountered are zlib-compressed. |
| { | |
| "queries": [{ | |
| "name": "List all owned users", | |
| "queryList": [{ | |
| "final": true, | |
| "query": "MATCH (m:User) WHERE m.owned=TRUE RETURN m" | |
| }] | |
| }, | |
| { | |
| "name": "List all owned computers", |