LDAPmonitor
LDAPmonitor is a tool that monitors any changes made to the target LDAP objects on LIVE
It’s very similar to PSPY in a way that it surveils changes on LIVE
┌──(kali㉿kali)-[~/archive/htb/labs/blackfield]
└─$ KRB5CCNAME=support@dc01.blackfield.local.ccache LDAPmonitor -d BLACKFIELD.LOCAL -u support -k --no-pass --dc-ip $IP
[+]======================================================
[+] LDAP live monitor v1.3 @podalirius_
[+]======================================================
[>] Trying to connect to DC01 ...
[debug] using kerberos cache: support@dc01.blackfield.local.ccache
[debug] Using TGT from cache
[>] Listening for LDAP changes ...Executing LDAPmonitor with the TGT of the support account