/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

adsecurity.org
| | zer1t0.gitlab.io
1.2 parsecs away

Travel
| |
| | blog.xpnsec.com
2.0 parsecs away

Travel
| | Recently I've been trying to make sure that my redteam knowledge is up to date, exploring many of the advancements in Active Directory Kerberos attacks... and there have been quite a few! I finally found some free time this week to roll up my sleeves and dig into the internals of some of these attacks, and hopefully document them for other people to learn. This post is the first in a series aimed at explaining what is happening under the hood when you execute your favourite Powerview or Mimikat
| | www.tarlogic.com
1.2 parsecs away

Travel
| | Kerberos attacks: Kerberos brute-force, ASREPRoast, Kerberoasting, Pass the key, Pass the ticket, Silver ticket and Golden ticket explanation.
| | shenaniganslabs.io
20.6 parsecs away

Travel
| By default, domain joined Windows workstations allow access to the network selection UI from the lock screen. An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force the laptop to authenticate against a rogue access point and capture a MSCHAPv2 challenge response hash for the domain computer account. This challenge response hash can then be submitted to crack.sh to recover the NTLM hash of the computer account in less than 24 hours. Once recovered, this NTLM hash combined with the domain SID can be used to forge Kerberos silver tickets to impersonate a privileged user and compromise the host. An example of this is to create a silver ticket for the CIFS service of the...