Clik here to view.
Active Directory Pentesting Using Netexec Tool: A Complete Guide
Active Directory (AD) penetration testing is an essential part of the security assessment of enterprise networks. The Netexec tool offers a wide range of capabilities for AD enumeration, credential...
View ArticleClik here to view.
Abusing AD-DACL: AddSelf
In this post, we will explore the exploitation of Discretionary Access Control Lists (DACL) using the AddSelf permission in Active Directory environments. By exploiting this misconfiguration, attackers...
View ArticleClik here to view.
Diamond Ticket Attack: Abusing kerberos Trust
The Diamond Ticket attack represents a sophisticated escalation in Active Directory (AD) exploitation methods, leveraging intricate flaws in Kerberos authentication and authorization mechanisms. This...
View ArticleClik here to view.
Credential Dumping: AD User Comment
In this article, we shall explore different tools & techniques that help us enumerate Active Directory (AD) users’ passwords using which an attacker can expand their access within the organization....
View ArticleClik here to view.
AD Recon: Kerberos Username Bruteforce
In this post, we explore the exploitation technique known as the Kerberos pre-authentication brute-force attack. This attack takes advantage of Kerberos authentication responses to determine valid...
View ArticleClik here to view.
Abusing AD Weak Permission Pre2K Compatibility
Pre2K (short for “Pre-Windows 2000”) Active Directory misconfigurations often stem from overlooked legacy settings in Windows environments. Common issues include enabling NTLM or SMBv1 for backward...
View ArticleClik here to view.
Shadow Credentials Attack
In this post, we explore the exploitation technique known as the Shadow Credentials attack. This attack leverages the mismanagement or exploitation of Active Directory Certificate Services (AD CS) to...
View ArticleClik here to view.
Credential Dumping: GMSA
ReadGMSAPassword Attack is a technique where attackers abuse misconfigured Group Managed Service Accounts (gMSA) to retrieve their passwords. In Active Directory, only specific computers or users...
View ArticleClik here to view.
AD Certificate Exploitation: ESC1
The AD CS (Active Directory Certificate Services) certificate template is a predefined configuration in Microsoft AD CS that defines the type of certificate a user, computer, or service can request. It...
View ArticleClik here to view.
Sapphire Ticket Attack: Abusing Kerberos Trust
The broad usage of Active Directory has made Kerberos attack the bread and butter of many hackers. Researchers have discovered the following new attacks techniques that allow an adversary to gain...
View Article