NTLM Relay to Domain Admin
Short post outlining a technique used on a recent engagement where I was tasked with gaining domain admin privs starting from an unauthenticated standpoint.
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module. Will be continuously adding to this.
Making the most out of lockdown in the UK, I decided to enroll in the new Hack The Box pro lab, Cybernetics.
Some notes to myself to use as a reference guide and to gain a better understanding of the privileges and rights assigned to Windows services in the form of SDDL security descriptor strings.
I recently came across the Active Directory Pro blog post Top 25 Active Directory Security Best Practices. It’s a great read for anyone interested in AD security. I decided to type up the 25 points onto my blog so I could quickly reference them easily when required.
Table of reference for Windows user rights assignment.
Instead of having to check the Microsoft docs every time I needed to identify a mysterious SID, I decided to type up the table here so I can reference it easily when required.
Collection of Windows PowerShell Event log commands and Windows Event ID tables.
Domain enumeration will require the use of either PowerView.ps1 or the Active Directory PowerShell Module.
Quick post covering a few different ways to create and generate malicious DLLs for reverse/bind shells and for command execution.
Collection of notes regarding Android application analysis and testing.
Collection of information and tools for Azure configuration reviews and security testing.
Collection of simple/handy commands and my .tmux.conf.
Collection of random snippets including my .vimrc and commands for file/string manipulation in Vim.
Collection of basic Python code templates I’ve developed and/or used on various occasions.
Top 15 IoCs
Below are the Top 15 Indicators of Compromise from DarkReading that I’ve compressed as a quick reference guide.
headi is a simple HTTP header injection tool written in Go. It automates the process of attempting to bypass forbidden errors on application resources by utilising specific HTTP headers (listed in the following section).
Building on basic XSS.
Collection of snippets for basic network configuration and IP/CIDR ranges.