riccardoancarani Goto Github PK

followers: 242.0 following: 55.0 repos: 67.0 gists: 1.0

Name: Riccardo Ancarani

Type: User

Company: WithSecure

Bio: Principal Security Consultant @ WithSecure

Location: London, United Kingdom

Blog: riccardoancarani.github.io

Riccardo "dottor_morte" Ancarani 🔥

🔬Interests

Active Directory Exploitation
Purple Teaming
Threat Hunting
Software Development

📚 Blog Posts

Talks

Active Directory - Detecting Resilient Adversaries: More than 95 percent of the biggest corporates use Active Directory (AD) to manage identity, enforce policies and control business-critical assets. Despite AD represents the single point of failure in most cases, companies are still struggling with securing it; More than often, after obtaining an initial foothold, the attackers gain the maximum privileges within a short time period and even without being noticed before it’s too late. The aim of this talk is to bring awareness on the techniques that adversaries might employ whilst providing practical advices on how to stop and detect them.
Attack Detection Workshops - Initial Access: Presented the first episode of F-Secure’s Attack Detection Workshops (https://www.f-secure.com/en/consulting/events/attack-detection- fundamentals-workshops) that covered: The techniques threat actors use to bypass mail filtering controls and obtain foothold; making use of open-source tools to emulate the initial access vectors of Emotet and those used in Operation Cobalt Kitty; Learning how to detect these attacks using endpoint logs or memory analysis

Certifications

eCPTX
OSCP
eCTHP
eMAPT
eWPT
CREST CPSA
eCPPT

Riccardo Ancarani's Projects

atomic-red-team

Small and highly portable detection tests based on MITRE's ATT&CK.

bloodhound-playbook

Reproducible and extensible BloodHound playbooks

bof-registry

Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry

bofs

Collection of Beacon Object Files (BOFs) for shells and lols

boofuzz

A fork and successor of the Sulley Fuzzing Framework

dirsync-poc

A PoC that uses the DirSync protocol to poll Active Directory for changes

dynamicwrapperex

x64 Registration-Free In-Process COM Automation Server.

go-jwt-cracker

A simple GO utility to crack weak JWT secrets

gobuster

Directory/file & DNS busting tool written in Go

gpopowerparser

A script that parses PowerView's output for GPO analysis. Integrated into bloodhound to find misconfigurations of URA, SMB signing etc

healthinspector

JXA situational awareness helper by simply reading specific files on a filesystem

httprobe

Take a list of domains and probe for working HTTP and HTTPS servers

https_csharp_server

Implementing a Multithreaded HTTP/HTTPS Debugging Proxy Server in C# xref. `https://www.codeproject.com/Articles/93301/Implementing-a-Multithreaded-HTTP-HTTPS-Debugging`

instagram-insights

A jupyter notebook for extracting meaningful informations about your Instagram profile, like the best time to post and the hashtags that are generating more interactions

liquidsnake

LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript

lolcerts

A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors

metasploit_cheatsheet

A comprehensive list of the most useful Metasploit commands I found during my PT activity. Built using Latex/TexWorks

Safe to eat ore deadly poison? Let's use machine learning to find it out. A jupyter notebook that implements a possible solution to the Kaggle challenge, the ML model used is a Random Forest Classifier.