NTLM Relay to Domain Admin
Short post outlining a technique used on a recent engagement where I was tasked with gaining domain admin privs starting from an unauthenticated standpoint.
- Windows 10
- Snippets 5
- Active Directory 3
- Defence 3
- Enumeration 2
- Tools 2
- Python 1
- Shells 1
- Web Apps 1
- XSS 1
- Networking 1
- Review 1
Windows
Active Directory Domain Enumeration Part 2
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module, will be continuously adding to this.
HackTheBox - Cybernetics Review
Making the most out of lockdown in the UK, I decided to enroll in the new Hack The Box pro lab, Cybernetics.
SDDL Security Descriptors
Some notes to myself to use as a reference guide and to gain a better understanding of the privileges and rights assigned to Windows services in the form of SDDL security descriptor strings.
Active Directory Security Checklist
I recently came across the Active Directory Pro blog post Top 25 Active Directory Security Best Practices. It’s a great read for anyone interested in AD security. I decided to type up the 25 points onto my blog so I could quickly reference them easily when required.
Windows User Rights Assignment
Table of reference for Windows user rights assignment.
Windows Security Identifiers
Instead of having to check the Microsoft docs every time I needed to identify a mysterious SID, I decided to type up the table here so I can reference it easily when required.
Windows Event Monitoring
Collection of Windows PowerShell Event log commands and Windows Event ID tables.
Active Directory Domain Enumeration
Domain enumeration will require the use of either PowerView.ps1 or the Active Directory PowerShell Module.
DLL Shells
Quick post covering a few different ways to create and generate malcious DLLs for reverse/bind shells and for command execution.
Snippets
Android Snippets
Collection of notes regarding Android application analysis and testing.
Azure Snippets
Collection of information and tools for Azure configuration reviews and security testing.
Tmux Snippets
Collection of simple/handy commands and my .tmux.conf.
Vim Snippets
Collection of random snippets including my .vimrc and commands for file/string manipulation in Vim.
Python Snippets
Collection of basic Python code templates I’ve developed and/or used on various occasions.
Active Directory
Active Directory Domain Enumeration Part 2
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module, will be continuously adding to this.
Active Directory Security Checklist
I recently came across the Active Directory Pro blog post Top 25 Active Directory Security Best Practices. It’s a great read for anyone interested in AD security. I decided to type up the 25 points onto my blog so I could quickly reference them easily when required.
Active Directory Domain Enumeration
Domain enumeration will require the use of either PowerView.ps1 or the Active Directory PowerShell Module.
Defence
Active Directory Security Checklist
I recently came across the Active Directory Pro blog post Top 25 Active Directory Security Best Practices. It’s a great read for anyone interested in AD security. I decided to type up the 25 points onto my blog so I could quickly reference them easily when required.
Indicators of Compromise
Top 15 IoCs
Below are the Top 15 Indicators of Compromise from DarkReading that I’ve compressed as a quick reference guide.
Windows Event Monitoring
Collection of Windows PowerShell Event log commands and Windows Event ID tables.
Enumeration
Active Directory Domain Enumeration Part 2
Active Directory domain enumeration without leveraging PowerView or the Active Directory PowerShell module, will be continuously adding to this.
Active Directory Domain Enumeration
Domain enumeration will require the use of either PowerView.ps1 or the Active Directory PowerShell Module.
Tools
Release: headi
headi is a simple HTTP header injection tool written in Go. It automates the process of attempting to bypass forbidden errors on application resources by utilising specific HTTP headers (listed in the following section).
Python
Python Snippets
Collection of basic Python code templates I’ve developed and/or used on various occasions.
Shells
DLL Shells
Quick post covering a few different ways to create and generate malcious DLLs for reverse/bind shells and for command execution.
Web Apps
Advanced XSS
Building on basic XSS.
XSS
Advanced XSS
Building on basic XSS.
Networking
Networking Snippets
Collection of snippets for basic network configuration and IP/CIDR ranges.
Review
HackTheBox - Cybernetics Review
Making the most out of lockdown in the UK, I decided to enroll in the new Hack The Box pro lab, Cybernetics.