Explore >> Select a destination
|
You are here 
|
cornerpirate.com | ||
| | | | |
blog.xpnsec.com
|
|
| | | | | In this post we will be exploring another "roasting" method which involves exploiting a weak account configuration setting in Active Directory.. AS-REP Roasting. | |
| | | | |
shenaniganslabs.io
|
|
| | | | | By default, domain joined Windows workstations allow access to the network selection UI from the lock screen. An attacker with physical access to a locked device with WiFi capabilities (such as a laptop or a workstation) can abuse this functionality to force the laptop to authenticate against a rogue access point and capture a MSCHAPv2 challenge response hash for the domain computer account. This challenge response hash can then be submitted to crack.sh to recover the NTLM hash of the computer account in less than 24 hours. Once recovered, this NTLM hash combined with the domain SID can be used to forge Kerberos silver tickets to impersonate a privileged user and compromise the host. An example of this is to create a silver ticket for the CIFS service of the... | |
| | | | |
njmulsqb.github.io
|
|
| | | | | Explore real-world insights from a successful penetration test on an enterprise Active Directory environment. Learn how the domain controllers were compromised within just a few hours using multiple attack vectors. From initial recon to privilege escalation and lateral movement, this case study offers a comprehensive guide to Active Directory security weaknesses and how to fortify them. | |
| | | | |
allelesecurity.com
|
|
| | | Penetration Testing complements a mature and efficient Information Security process by reporting security and privacy issues in infrastructure and applications. Penetration Testing can be conducted to discover, understand, mitigate and fix potential vulnerabilities that may affect your business. | ||
