subat0mik / Misconfiguration-Manager

Misconfiguration Manager is a central knowledge base for all known Microsoft Configuration Manager tradecraft and associated defensive and hardening guidance.
https://misconfigurationmanager.com
GNU General Public License v3.0

feat: ✨ Adding SMB and HTTP Distribution Point (DP) cred looting #36

Closed ar0dd closed 1 month ago

ar0dd commented 2 months ago

This PR introduces a new "CRED" primitive.

Looting SCCM Distribution Points (DP) can be a fruitful endeavor for internal attackers.

SCCM DP looting via SMB and HTTP (newer method) are both documented. Existing tools are also documented.

subat0mik commented 2 months ago

@ar0dd Can you please add this to the matrix and technique list file as well?

ar0dd commented 2 months ago

Oops. Missed that. Yes, will do! @subat0mik

I'll ping you once complete.

ar0dd commented 1 month ago

Tables are wicked on Markdown. Looks correct though. Let me know 👍 @subat0mik