NTLM Relay to Domain Admin
Short post outlining a technique used on a recent engagement where I was tasked with gaining domain admin privs starting from an unauthenticated standpoint.
Posts by Category
- Windows 7
- Snippets 4
- Active Directory 2
- Enumeration 2
- Shells 1
- XSS 1
- Defence 1
- JavaScript 1
- Python 1
Windows
Active Directory Domain Enumeration Part 2
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module, will be continuously adding to this.
Windows User Rights Assignment
Table of reference for Windows user rights assignment.
Windows Security Identifiers
Instead of having to check the Microsoft docs every time I needed to identify a mysterious SID, I decided to type up the table here so I can reference it eas...
Windows Event Monitoring
Collection of Windows PowerShell Event log commands and Windows Event ID tables.
Active Directory Domain Enumeration
Domain enumeration will require the use of either PowerView.ps1 or the Active Directory PowerShell Module.
DLL Shells
Quick post covering a few different ways to create and generate malcious DLLs for reverse/bind shells and for command execution.
Snippets
Android Snippets
Collection of notes regarding Android application analysis and testing.
Azure Snippets
Collection of information and tools for Azure configuration reviews and security testing.
Tmux Snippets
Collection of simple/handy commands and my .tmux.conf.
Vim Snippets
Collection of random snippets including my .vimrc and commands for file/string manipulation in Vim.
Active Directory
Active Directory Domain Enumeration Part 2
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module, will be continuously adding to this.
Active Directory Domain Enumeration
Domain enumeration will require the use of either PowerView.ps1 or the Active Directory PowerShell Module.
Enumeration
Active Directory Domain Enumeration Part 2
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module, will be continuously adding to this.
Active Directory Domain Enumeration
Domain enumeration will require the use of either PowerView.ps1 or the Active Directory PowerShell Module.
Shells
DLL Shells
Quick post covering a few different ways to create and generate malcious DLLs for reverse/bind shells and for command execution.
XSS
Basic XSS
Some basic XSS attacks.
Defence
Windows Event Monitoring
Collection of Windows PowerShell Event log commands and Windows Event ID tables.
JavaScript
JS AWAE Prep
Post mainly revolves around going beyond basic XSS payloads and utilising external Js to further our attack. XMLHttpRequest examples will likely come in hand...
Python
Python AWAE Prep
Collection of code snippets/templates I’ve either developed or used on some occasion that may become useful during AWAE.