conti-pentester-guide-leak
This repository was created to archive leaked leaked pentesting materials, which were previously given to Conti ransomware group affilates:
Mentioned materials covers topics such us:
- configure the Rclone software with a MEGA for data exfiltration
- configure the AnyDesk software as a persistence and remote access solution into a victim’s network
- elevate and gain admin rights inside a company’s hacked network
- take over domain controllers
- dump passwords from Active Directories
- connect to hacked networks via RDP using a Ngrok secure tunnel
- install the Metasploit pen-testing framework on a VPS
- brute-force routers, NAS devices, and security cameras
- configure and use the Cobalt Strike agent
- perform a Kerberoasting attack
- use the NetScan tool to scan internal networks
- disable Windows Defender protections
- delete shadow volume copies
- configuring operating system to use the Tor and more
Leaked content will give you more insight into how ransomware operators perform their attacks. Futhermore, you can improve your own pentesting skills. Defenders will also benefit from this - you can more eaisly detect and block Conti affilates attacks.
UPDATE: vx-underground.org obtained more training materials and tools used by Conti ransomware operators. Posting those files could break Github ToS, however, you can find download url's for mentioned materials here.
NOTE: Archive containing CobaltStrike crack was removed to please GitHub's Terms of Service.
NOTE2: Materials are written in Russian language (however, due to misspells, threat actor is believed to be Ukrainian citizen)
NOTE3: If something requires password, try "xss.is" or "exploit.in". Do not open tickets in regard of password-related problems, because there's nothing i can do about this :(
Disclaimer
This project can only be used for educational purposes. Using this software against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.