conti-pentester-guide-leak

This repository was created to archive leaked leaked pentesting materials, which were previously given to Conti ransomware group affilates:

Mentioned materials covers topics such us:

configure the Rclone software with a MEGA for data exfiltration
configure the AnyDesk software as a persistence and remote access solution into a victim’s network
elevate and gain admin rights inside a company’s hacked network
take over domain controllers
dump passwords from Active Directories
connect to hacked networks via RDP using a Ngrok secure tunnel
install the Metasploit pen-testing framework on a VPS
brute-force routers, NAS devices, and security cameras
configure and use the Cobalt Strike agent
perform a Kerberoasting attack
use the NetScan tool to scan internal networks
disable Windows Defender protections
delete shadow volume copies
configuring operating system to use the Tor and more

Leaked content will give you more insight into how ransomware operators perform their attacks. Futhermore, you can improve your own pentesting skills. Defenders will also benefit from this - you can more eaisly detect and block Conti affilates attacks.

NOTE: Archive containing CobaltStrike crack was removed to please GitHub's Terms of Service.

NOTE2: Materials are written in Russian language (however, due to misspells, threat actor is believed to be Ukrainian citizen)

NOTE3: If something requires password, try "xss.is"

Disclaimer

This project can only be used for educational purposes. Using this software against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.