2025. március 27.
The tool is available in this GitHub repository:
https://github.com/NaunetEU/LegolAD
Stealth
I consider alternative tools like PowerView to be stealthy in terms of event generation. However, when I created this tool, I had very little knowledge of blue team tools. I wanted to minimize unusual LDAP network traffic while still retrieving as much data as possible about the objects.
Features
Features not found in ldapsearch:
Jitters
Using the arguments --min-time-to-sleep and --max-time-to-sleep, you can set the jitter limits in seconds. Both default to 0, so remember to set them.
Page size and Burst
With the --page-size argument, you can set the page size, which defaults to 10. This ensures that no huge LDAP queries are requested.
You can request multiple requests between jitters using the --burst attribute. You can retrieve 20 items with a single LDAP request between jitters or request 10 items with two LDAP requests. This feature was added because we suspected that normal LDAP communication might occur multiple times in quick succession.
Breaks
The --breaks or -br attribute can be used multiple times and accepts two parameters:
- The start of the break
- The end of the break
Breaks must be set in military time. For example:
-br 12:00 12:30 -br 13:10 13:20
The configuration above creates a ‘lunch break’ and an additional short break. During these periods, no scanning will occur, simulating human employee behavior.
Fedezze fel a legfrissebb kiberbiztonsági híreket
Maradjon egy lépéssel a kiberveszélyek előtt a Naunet szakértői blogbejegyzéseivel! Ismerje meg a legújabb védelmi trendeket, technikákat és technológiákat, hogy növelhesse vállalkozása biztonságát. Csatlakozzon közösségünkhöz, és fejlődjön minden bejegyzéssel!
OpenClaw is an open source AI assistant that runs on your machine and connects to chat apps like Telegram, Discord, and Slack. It is useful because it collapses message intake, web access, tool invocation, and stored authority into one runtime. These features make it a very inviting application however that is also the core danger.
How to use Evilginx 3 with Custom Certificates
Two ways to use Evilginx 3 community edition with custom (even wildcard) certificates.
Last year, I conducted a phishing campaign as part of a red team assessment. Let me share what I learned about SPAM filters. I also had access to the internal mailing system, allowing me to test my theories on the target.
Stealthier than Nmap: ShadowProbe
ShadowProbe is a custom-made, TCP-only port scanner designed for multiple targets, featuring an inbuilt scheduler. It is a tool intended to run for days or even weeks once started.
In this article, we’ll explore the different types of penetration tests—compliance-driven, penetration testing as a service (PTaaS), and threat-led testing. We’ll discuss when and why each type is necessary, who benefits from them, and how to determine the best option for your organization’s specific security needs.
AIMS eCrew Authorization Bypass (CVE-2024-44450)
Access control vulnerabilities are still the most common problems in web applications. This blog post summarizes several access control issues we found in our target web application.