9.9. 横向移动

9.9.1. 域

• adidnsdump Active Directory Integrated DNS dump tool

• BloodHound Six Degrees of Domain Admin

• windapsearch Python script to enumerate users, groups and computers from a Windows domain through LDAP queries

• ldapdomaindump Active Directory information dumper via LDAP

• Kerberoast a series of tools for attacking MS Kerberos implementations

• ADRecon Active Directory Recon

9.9.2. Azure AD

• ROADtools Azure AD exploration framework

9.9.3. Exchange

• ruler A tool to abuse Exchange services

• MailSniper

• PrivExchange Exchange your privileges for Domain Admin privs by abusing Exchange

9.9.4. PowerShell

• PowerShellMafia

9.9.5. 内网信息收集

• SharpShares Quick and dirty binary to list network share information from all machines in the current domain and if they’re readable

• WinShareEnum Windows Share Enumerator

• HackBrowserData 全平台的浏览器数据导出工具

9.9.6. Kerberos

• Rubeus

• kerbrute A tool to perform Kerberos pre-auth bruteforcing

9.9.7. 自动化审计

• Infection Monkey Data center Security Testing Tool