Road Map
v1
- SMB share anonymous
- SMB not signed
- Responder
- Zerologon
- Windows defender
- ASREPRoast
- Kerberoasting
- AD Acl abuse
- Unconstraint delegation
- Ntlm relay
v2
- Password reuse between computer (PTH)
- Spray User = Password
- Password in description
- Constrained delegation
- Install MSSQL
- MSSQL trusted link
- MSSQL impersonate
- Install IIS
- Upload asp app
- Multiples forest
- Anonymous RPC user listing
- Child parent domain
- Generate certificate and enable ldaps
- ADCS - ESC 1/2/3/4/6/8
- Certifry
- Samaccountname/nopac
- Petitpotam unauthent
- Printerbug
- Drop the mic
- Shadow credentials
- Mitm6
- Add LAPS
- GPO abuse
- Add Webdav
- Add RDP bot
- Add full proxmox integration
- Add Gmsa (receipe created)
- Add azure support
- Refactoring lab and providers
- Protected Users
- Account is sensitive
- Add PPL
- Add Gmsa
- Groups inside groups
- Shares with secrets (all, sysvol)
- Sccm (see SCCM lab)
v3
- aws support
- ludus support
- windows install compatibility
- extension support
- multiple instance management
- extension exchange
- extension ludus
- extension elk
- extension ws01
- extension exchange add a bot to read mails
- extension attackbox
- extension VPN
- extension guacamole
- extension linux VM enrolled
- Add Applocker to ws01
- Wsus (to add on sccm)
- ADCS add vulns