Lateral Movement – Pass-the-Hash Attacks
In this post we will take a look A LOT of tools and techniques that can be used to perform a pass-the-hash attack. First, we will dump the local SAM file hashes…
Read MoreLateral Movement – Pass-the-Hash Attacks
SeBackupPrivilege – Windows Privilege Escalation
In this post we are going to extract a copy of the SAM and SYSTEM file from a Windows Server using a service account that has SeBackupPrivilege enabled. We will have a…
Dumping Credentials – SAM File Hashes
In this post, we are going to review various techniques that can be used to dump the local SAM file hashes from a Windows host. To begin, we will examine a scenario…
Dumping Credentials – LSASS Process Hashes
In this post, we are going to explore various tools and techniques that we can use to dump the LSASS process and extract the hashes within. To begin, we will see two…
Dumping Credentials – LSA Domain Hashes
In this blog post we will be exploring how to dump all of the hashes in a domain using an LSA dump. To do this, we will be using three different versions…
Domain Persistence – Golden Ticket and Silver Ticket Attacks
In this blog post we are going to explore both golden ticket and silver ticket attacks. We will use Mimikatz to forge both a golden and silver ticket and see how we…
AD Recon – AS-REP Roasting Attacks
In this blog post, we will learn about AS-REP Roasting attacks and how they can be performed both remotely as well as from a foothold on a target host in the domain.…
AD Escalation – Kerberoasting Attacks
In this blog post, we will explore multiple ways to perform a kerberoasting attack in an Active Directory environment. To begin, we will briefly learn about Kerberos and how a kerberoasting attack…