zBang – Privileged Account Threat Detection Tool


zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations and red teamers can utilize zBang to identify potential attack vectors and improve the security posture of the network.

zBang -  Privileged Account Threat Detection Tool


The results can be analyzed with the graphic interface or by reviewing the raw output files.

The tool is built from five different scanning modules:

  • ACLight scan – discovers the most privileged accounts that must be protected, including suspicious Shadow Admins.
  • Skeleton Key scan – discovers Domain Controllers that might be infected by Skeleton Key malware.
  • SID History scan – discovers hidden privileges in domain accounts with secondary SID (SID History attribute).
  • RiskySPNs scan – discovers risky configuration of SPNs that might lead to credential theft of Domain Admins
  • Mystique scan – discovers risky Kerberos delegation configuration in the network.

Requirements to run zBang Privileged Account Threat Detection Tool

  1. Run it with any domain user. The scans do not require any extra privileges; the tool performs read-only LDAP queries to the DC.
  2. Run the tool from a domain joined machine (a Windows machine).
  3. PowerShell version 3 or above and .NET 4.5 (it comes by default in Windows 8/2012 and above).

zBang Privileged Account Threat Detection Tool Performance

zBang runs quickly and doesn’t need any special privileges over the network. As the only communication required is to the domain controller through legitimate read-only LDAP queries, a typical execution time of zBang on a network with around 1,000 user accounts will be seven minutes.

When you intend to scan large networks with multiple trust-connected domains, it’s recommended to check the domain trusts configuration or run zBang separately from within each domain to avoid possible permission and connectivity issues.

You can download zBang here:

zBang-v1.00.exe
zBang-source-v1.00.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors


2 Responses to zBang – Privileged Account Threat Detection Tool

  1. steve April 23, 2020 at 6:48 am #

    this is a handy threat detection tool that finds hidden privileges and malware.

  2. Devil April 29, 2020 at 11:25 am #

    Sir I want to hack neighbours wifi pass.!! Plz give me a little response sir.!!