cyberark/RiskySPN

Stars
258
Rank 158,189 (Top 4 %)
Language
PowerShell
License
GNU General Publi...
Created over 8 years ago
Updated over 7 years ago

cyberark/RiskySPN

cyberark

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Detect and abuse risky SPNs

RiskySPNs

RiskySPNs is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Name). This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory.

For detailed information: http://www.cyberark.com/blog/service-accounts-weakest-link-chain/

Usage

Install the module

Import-Module .\RiskySPNs.psm1

Or just load the script (you can also IEX from web)

. .\Find-PotentiallyCrackableAccounts.ps1

Make sure Set-ExecutionPolicy is Unrestricted or Bypass

Get information about a function (very detailed :))

Get-Help Get-TGSCipher -Full

All fucntions also have -Verbose mode

Search vulnerable SPNs

Find vulnerable accounts

Find-PotentiallyCrackableAccounts

Sensitive + RC4 = $$$

Generate full deatiled report about vulnerable accounts (CISO <3)

Export-PotentiallyCrackableAccounts

Get tickets

Request Kerberos TGS for SPN

Get-TGSCipher -SPN "MSSQLSvc/prodDB.company.com:1433"

Or

Find-PotentiallyCrackableAccounts -Stealth -GetSPNs | Get-TGSCipher

The fun stuff :)

Find-PotentiallyCrackableAccounts -Sensitive -Stealth -GetSPNs | Get-TGSCipher -Format "Hashcat" | Out-File crack.txt
oclHashcat64.exe -m 13100 crack.txt -a 3

KubiScan

A tool to scan Kubernetes cluster for risky permissions

SkyArk

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

ACLight

A script for advanced discovery of Privileged Accounts - includes Shadow Admins

conjur

CyberArk Conjur automatically secures secrets used by privileged users and machine identities

kubeletctl

A client for kubelet

summon

CLI that provides on-demand secrets access for common DevOps tools

bash-lib

Library for bash utility methods and tools

PipeViewer

A tool that shows detailed information about named pipes in Windows

DLLSpy

DLL Hijacking Detection Tool

zBang

zBang is a risk assessment tool that detects potential privileged account threats

shimit

A tool that implements the Golden SAML attack

RPCMon

RPC Monitor tool based on Event Tracing for Windows

Evasor

A tool to be used in post exploitation phase for blue and red teams to bypass APPLICATIONCONTROL policies

BlobHunter

Find exposed data in Azure with this public blob scanner

secretless-broker

Secure your apps by making them Secretless

White-Phoenix

A tool to recover content from files encrypted with intermittent encryption

kubernetes-rbac-audit

Tool for auditing RBACs in Kubernetes

MITM_Intercept

A little bit less hackish way to intercept and modify non-HTTP protocols through Burp & others.

epv-api-scripts

These API scripts enable CyberArk users to automate privileged account management task like account creation, user management, and more.

ketshash

A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.

rdpfuzz

Tools for fuzzing RDP

SkyWrapper

SkyWrapper helps to discover suspicious creation forms and uses of temporary tokens in AWS

EasyPeasy

Find accounts using common and default passwords in Active Directory.

pas-on-cloud

CyberArk Privileged Access Security on Cloud

ansible-security-automation-collection

CyberArk Ansible Security Automation Collection

CYBRHardeningCheck

A utility to check CyberArk component servers hardening status

summon-aws-secrets

Summon provider for AWS Secrets Manager

cyberark-aws-auto-onboarding

Solutions for automatically detecting, managing and securing privileged accounts in AWS EC2

pas-orchestrator

CyberArk Privileged Access Security automatic deployment using Ansible

summon-conjur

CyberArk Conjur provider for Summon

ansible-modules

Ansible Modules for CyberArk Privileged Account Security Web Service SDK

conjur-quickstart

Start securing your secrets and infrastructure by installing Conjur, using Docker and the official Conjur containers on DockerHub.

malware-research

Fuzzer-V

sidecar-injector

Sidecar Injector for the Conjur Kubernetes Authenticator and Secretless

ChattyCaty

conjur-oss-helm-chart

Helm chart for deploying Conjur OSS to Kubernetes

secrets-provider-for-k8s

Cyberark secrets provider for k8s

PwnKit-Hunter

PwnKit-Hunter is here to help you check if your systems are vulnerable to CVE-2021-4043, a.k.a. PwnKit

PreCog

Discover "HotSpots" - potential spots for credentials theft

terraform-provider-conjur

Terraform provider for Conjur

pvwa

Ansible role to deploy Cyberark Password Vault Web Access

conjur-api-go

Go client for the CyberArk Conjur API

slosilo

A Ruby interface to standard cryptographic primitives

password-lookup-plugin

cyberarkpassword Lookup Plugin

cyberark-conjur-cli

CyberArk Conjur command line interface written in Python

psm

Ansible role to deploy Cyberark Privileged Session Manager

conjur-template

Template repo for Conjur repositories

conjur-api-java

Java client for the CyberArk Conjur API

summon-keyring

Cross-platform provider for Summon that talks to keyrings.

cpm

Ansible role to deploy Cyberark Central Policy Manager

conjur-api-dotnet

.NET client for the CyberArk Conjur API

cyberark-conjur-cli-docker-based

CyberArk Conjur command line interface (Ruby)

parse-a-changelog

A validator for changelogs using the Keep a Changelog standard (http://keepachangelog.com)

ansible-aim-provider

Ansible Galaxy Role to install and uninstall Cyberark AIM provider

kubernetes-conjur-deploy

Scripts for deploying DAP followers to Kubernetes and OpenShift given an existing DAP master cluster

Symda

summon-s3

AWS S3 provider for Summon

KDSnap

ansible-role-conjur

Grants Conjur machine identity to hosts

conjur-credentials-plugin

Conjur plugin for securely providing credentials to Jenkins jobs

conjur-openapi-spec

OpenAPI v3 specification for Conjur / DAP v10+

conjur-authn-k8s-client

Authentication sidecar for Conjur Kubernetes integration.

dev-flow

Opinionated CLI that standardizes and automates common development tasks

ark-sdk-python

CyberArk's Official SDK and CLI - https://cyberark.github.io/ark-sdk-python/

ansible-conjur-host-identity

This project encapsulates the functionality of our `cyberark.conjur-host-identity role for Ansible

conjur-api-python

Python client for the CyberArk Conjur API

conjur-oss-suite-release

Under development - Latest stable releases of the Conjur OSS suite

community

Information for the CyberArk contributor community

cyberark-aim-chef

Chef custom resource for CyberArk AIM

homebrew-tools

Homebrew formulas for different CyberArk tooling.

cacookiecleaner

conjur-policy-generator

Tools to create sample Conjur policies for testing, etc.

atyourservice

The atyourservice project is intended to provide highly-customizable utilities for troubleshooting issues.

identity-aws-verified-permissions-demo

summon-chefapi

Summon provider for Chef encrypted data bags

conjur-puppet

Official Puppet module for CyberArk Conjur

sample-siem-dashboards

escape-the-cloud

Web Application for CyberArk Cloud Escape Room CTF challenge

helm-charts

CyberArk Helm charts repository.

psmp-deploy-ansible-role

Ansible role to deploy Cyberark Privileged Session Manager SSH Proxy (PSM-SSH)

ansible-conjur-collection

Ansible Collection for Conjur

conjur-spring-boot-sdk

SafeNet

conjur-azure-devops-extension

Azure DevOps Extension for retrieving secrets from CyberArk Conjur

conjur-api-ruby

Ruby client for the CyberArk Conjur API

conjur-base-image

Base Docker images for CyberArk Conjur

conjur-cli-go

CyberArk Conjur command line interface (Go)

conjur-aws

[DEPRECATED] - AWS CloudFormation templates for Conjur

conjur-google-cloud-marketplace

[DEPRECATED] Conjur application for Google Cloud Marketplace

conjur-service-broker

Implementation of the Open Service Broker API for Conjur

identity-demo-android

This is to demonstrate CyberArk Identity capabilities of Android SDK in a sample app.

pas-reporter-dataprocessing

conjur-inspect

dap-web-utility

DAP web utility to simplify DAP/Conjur deployment & operations

urbancode-conjur-aim

A plugin which allows UrbanCode Deploy to get credentials from EPV via AIM, and to get secrets from Conjur for setting up a CI/CD workflow

psmp-activate-ansible-role

Ansible role to activate Cyberark Privileged Session Manager SSH Proxy (PSM-SSH)

conjur-tutorials

A repository for tutorials related to Conjur

conjur-authn-iam-client-python

Python client for using Conjur with authn-iam

aim-puppet