MOR DAVID

Red Teamer, Pentester and Cyber Security Expert

Articles


Active Directory Assessment Tools

Here is a collection of hacking tools designed for Active Directory, crafted for efficiency and ease of use.
DavidHound

This tool, akin to SharpHound, collects data from Active Directory environments, including WebDAV, Print Spooler, IP addresses, antivirus/EDR, and LDAP signing status, with plans for sessions, SMB signing, Kerberoast, ASREPRoast, Pre2K, and SCCM. It uses multi-threading for efficient data collection and supports output loading into BloodHound/Neo4j

Github Copy Command

MDLoader

This script analyzes the MD tools output file and load to Neo4j/Bloodhound database.

Github Copy Command

BHCreator

Bloodhound CE deployment include my custom settings in one-liner

Github Copy Command

DCSyncHound

DCSyncHound is a script analyzes the DCSync output file from several tools (such as Mimikatz, Secretsdump and SharpKatz...)

Github Copy Command

2KSpray

2KSpray is a tool that uses "asktgt" to verify Windows 2000 systems by confirming if the password aligns with the host's name.

Github Copy Command

SharpWebClientScanner

WebClient Scanner is C# tool that verifies the status of WebClient services across multiple targets in the domain.

Github Copy Command

SharpNetworkScanner

SharpNetworkScanner is a C# utility designed for network scanning. It provides users with a flexible and customizable way to perform network scans with various options.

Github Copy Command


CVEs, Exploits, etc.

WinRAR before 6.23 (CVE-2023-38831)

WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.

Github Copy Command

Telegram Listener

This script serves as a fundamental listener for bot channels on Telegram. Its intended use is to aid in my research on phishing kits.

Github Copy Command