Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base64 encoded command on the remote host, which would return a beacon. The problem with this is that offensive PowerShell is not a new concept […]
GUI/Graph Queries Find All Users with an SPN/Find all Kerberoastable Users MATCH (n:User)WHERE n.hasspn=trueRETURN n Find All Users with an SPN/Find all Kerberoastable Users with passwords last set > 5… Read more BloodHound Cypher Cheatsheet →
I started my OSCP journey well over a year ago, almost two. It was a long time ago, but I remember still not knowing a lot and having anxiety because I’m not sure I’d do so well. When I finally decided to enroll, it was because someone told me that I didn’t have enough experience and I’d fail. If there’s one thing I am, it’s competitive. When someone tells me I’ll fail or there’s a low chance of success, I’m going to do it. So I enrolled in Penetration Testing… Read more Yet Another OSCP Exam Blog Post →
Bloodhound is a phenominal tool that should be in every pentester’s toolkit, as it literally graphs an attack plan, but that also means that it’s just as useful to the blue team. When I do pentests or risk assessments and show the client Bloodhound, they’re both Amazed Confused on how to use it The tool in itself isn’t confusing, it’s just there’s so much data and so much you can do, that it becomes overwhelming quickly, especially from a blue team perspective where there’s all these paths leading to a… Read more CypherDog Cheatsheet →
In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the rsmith user credentials, as they… Read more Penetration Testing Active Directory, Part II →
