Awesome Open Source
Awesome Open Source

conti-pentester-guide-leak

This repository was created to archive leaked leaked pentesting materials, which were previously given to Conti ransomware group affilates:

obraz

Mentioned materials covers topics such us:

  • configure the Rclone software with a MEGA for data exfiltration
  • configure the AnyDesk software as a persistence and remote access solution into a victims network
  • elevate and gain admin rights inside a companys hacked network
  • take over domain controllers
  • dump passwords from Active Directories
  • connect to hacked networks via RDP using a Ngrok secure tunnel
  • install the Metasploit pen-testing framework on a VPS
  • brute-force routers, NAS devices, and security cameras
  • configure and use the Cobalt Strike agent
  • perform a Kerberoasting attack
  • use the NetScan tool to scan internal networks
  • disable Windows Defender protections
  • delete shadow volume copies
  • configuring operating system to use the Tor and more

Leaked content will give you more insight into how ransomware operators perform their attacks. Futhermore, you can improve your own pentesting skills. Defenders will also benefit from this - you can more eaisly detect and block Conti affilates attacks.

UPDATE: vx-underground.org obtained more training materials and tools used by Conti ransomware operators. Posting those files could break Github ToS, however, you can find download url's for mentioned materials here.

NOTE: Archive containing CobaltStrike crack was removed to please GitHub's Terms of Service.

NOTE2: Materials are written in Russian language (however, due to misspells, threat actor is believed to be Ukrainian citizen)

NOTE3: If something requires password, try "xss.is" or "exploit.in". Do not open tickets in regard of password-related problems, because there's nothing i can do about this :(

Disclaimer

This project can only be used for educational purposes. Using this software against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Batchfile (8,156
Cybersecurity (1,400
Pentesting (1,349
Guide (1,294
Infosec (735
Ioc (586
Ransomware (218
Pentesting Tools (173
Offensive Security (169
Related Projects