It’s been a while since I last posted, I’ve been busy with personal things, but I want to retake sharing things I know about Active Directory exploitation. We’ll continue adding misconfigurations to our Active Directory environment, to further explore ACL exploitation paths. We’ll add a new domain user, max.power in Continue Reading
RT/BT – Active Directory enumeration and ACL exploitation for privilege escalation – Part 1
In this post we will use different tools to analyze an Active Directory environment, both from Linux and Windows. This post is useful for both Pentesters and Blue Team members, as it identifies possible attack vectors and insecure configurations on a domain. Both to exploit from the attacker’s side, and Continue Reading
RT – Known Kerberos attacks – Part 2
In this entry, we continue with some known attacks on Active Directory environments using Kerberos, mainly lateral movement and persistence. One of the oldest and most known ways of lateral movement is Pass the hash, where we use a user’s NTLM hash to gain access to resources or computers where Continue Reading
RT – Kerberos known attacks – Part 1
An important part of the authentication mechanisms and protocols used by Active Directory is Kerberos, which in short, establishes a secure authentication channel between trusted hosts on an untrusted network. Some of the objectives of a Kerberos authentication process are listed in the following section As an attacker, we can Continue Reading
RT – Active Directory basic scenario
Continuation of the previous post, where we’ll start configuring a vulnerable environment to learn how to escalate privileges within an Active Directory scenario abusing insecure configurations. REQUIREMENTS: We’ll start our scenario configuration by adding new local administrator accounts for the two Windows hosts “ATENCION01” and “TECNOLOGIA01”. We login with an Continue Reading
Laboratory – Creating our first Active Directory test enviroment.
In this location, I’ll be showcasing the step by step procedure I usually follow whenever I need to deploy an Active Directory environment, whether it’s for pentesting/red team tests or to try out forensic tools/SOC capabilities or similar (Blue team). To deploy our environment we’ll need a host, dedicated one Continue Reading