Secure your network with our expert guide on Active Directory security. Learn about the importance of securing your Active Directory infrastructure and how to implement best practices for protecting against cyberattacks. Stay ahead of the game with our comprehensive guide.
Kerberoasting is a type of attack that exploits the way Microsoft Active Directory handles service accounts. In this article, we will explore how to perform Kerberoasting with CrackMapExec, a powerful penetration testing tool. We will cover the basics of Kerberos authentication, how Kerberoasting works, and how to use CrackMapExec to extract Kerberos tickets and crack […]
Read More “Kerberoasting with CrackMapExec: A Comprehensive Guide”
Today I will write about Kerberos Penetration Testing, which Active Directory uses to manage authentication inside the corporate environments. First a brief explanation about how Kerberos works and what we should know before try to hack Kerberos. How does Kerberos work? Kerberos Components TGT – Ticket Granting Ticket SPN – Service Principals Names are associated […]
The Active Directory Pass the Hash (PtH) attack is a type of credential theft attack that allows an attacker to bypass authentication measures and gain unauthorized access to systems. In this attack, the attacker steals the hash of a user’s login credentials from one system and uses it to authenticate to another system without the […]
Read More “Understanding the Active Directory Pass the Hash Attack”
Learn how to crack Active Directory Passwords using Hashcat Crack LM Hashs LM hash is used by Microsoft LAN manager used on old versions, which is totally insecure. We can crack LM with hashcat using: How to prevent Windows from storing a LAN manager hash of your password in Active Directory and local SAM databases […]
Today I am writing about Active Directory penetration Testing methodology, this is part of my study for eCPPTv2 by eLearningSecurity and CRTP by Pentester Academy. Active Directory is a service to manage corporate domains it can handle all types of Microsoft services and objects applying for permissions while handling all accounting centralized. My goal in […]
Read More “Active Directory Penetration Testing: Methodology”
In this tutorial, we will learn steps to start our journey on Active Directory enumeration, first step is to enumerate information about the Domain. Then we will extract information about the Users, Computers, Domain Administrators, Enterprise Administrators, and network shares. Understand how to start enumerating a Domain Controller and escalate your privileges inside the network. […]
How to Install Bloodhound on Linux and correct Java problems. Install JAVA and Dependencies Install Neo4J Neo4J Configuration File Reset Neo4J Password Linux Installation BloodHound Configure Bloodhound Only collect from the DC, doesn’t query the computers (more stealthy) Data Collection Windows – SharpHound Windows – Powershell Windows – RustHound Cloud Azure
Privilege escalation is a critical security issue in Windows operating systems, as it allows attackers to gain elevated access to a system or network, giving them the ability to perform malicious activities, such as installing malware, stealing sensitive data, and creating backdoors for future access. Therefore, understanding the fundamentals of Windows privilege escalation is essential […]
Read More “Windows Privilege Escalation Fundamentals: A Guide for Security Professionals”
Learn how advanced Active Directory Attacks are executed and secure your infrastructure. On Going Study… Domain Enumeration with PowerView Active Directory Attacks – Initial Attack Vectors active directory vulnerabilities LLMNR Poisoning / SMB Relay Attacks https://attack.mitre.org/techniques/T1557/001/ Capturing NTLMv2 Hashs SMB Signing Disable Passback Attack Enumerating Domain Data with Bloodhound Active Directory Attacks – Post-Compromise Pass […]
Introduction to Active Directory enumeration with PowerShell for pen-testers. Understand how to start enumerating a Domain Controller and escalate
