|
You are here |
adsecurity.org | ||
| | | | |
blog.xpnsec.com
|
|
| | | | | Recently I've been trying to make sure that my redteam knowledge is up to date, exploring many of the advancements in Active Directory Kerberos attacks... and there have been quite a few! I finally found some free time this week to roll up my sleeves and dig into the internals of some of these attacks, and hopefully document them for other people to learn. This post is the first in a series aimed at explaining what is happening under the hood when you execute your favourite Powerview or Mimikat | |
| | | | |
functionallyparanoid.com
|
|
| | | | | Many of the long-time readers of this blog are going to probably have a panic attack when they read this article because they are going to be asking themselves the question, "Why in the heck does he want to install Active Directory in his life?" The reason, like so many answers to so many of | |
| | | | |
www.tarlogic.com
|
|
| | | | | Kerberos attacks: Kerberos brute-force, ASREPRoast, Kerberoasting, Pass the key, Pass the ticket, Silver ticket and Golden ticket explanation. | |
| | | | |
blog.julik.nl
|
|
| | | The sites which are using Shardine do not only have separate data storage - they all have their own domain names. I frequently need to validate that every site is able to work correctly with the changes I am making. At Cheddar we are also using multiple domains, which is a good security practice due to CORS and CSP. Until recently I didn't really have a good setup for developing with multiple domains, but that has changed - and the setup I ended up with works really, really well. So, let's dive in - it could work just as well for you too! | ||