In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation. Privilege escalation in Windows can of course come from a missing patch or unquoted service paths, but … Continue reading Penetration Testing Active Directory, Part II
I started my OSCP journey well over a year ago, almost two. It was a long time ago, but I remember still not knowing a lot and having anxiety because I'm not sure I'd do so well. When I finally decided to enroll, it was because someone told me that I didn't have enough experience … Continue reading Yet Another OSCP Exam Blog Post
Bloodhound is a phenomenal tool that should be in every pentester's toolkit, as it literally graphs an attack plan, but that also means that it's just as useful to the blue team. When I do pentests or risk assessments and show the client Bloodhound, they're both amazed and confused on how to use it. The tool in … Continue reading BloodHound and CypherDog Cheatsheet
I've had several customers come to me before a pentest and say they think they're in good shape because their vulnerability scan shows no critical vulnerabilities and that they're ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD. One of the lapses … Continue reading Penetration Testing Active Directory, Part I
When Invoke-Obfuscation came out in late 2016, I, and I'm sure many other pentesters, rejoiced at the fact that our commands bypassed AV like it wasn't even there. Empire payload? Easy. Privilege escalation PowerShell scripts? Not a problem. In 2016, Windows Defender was but an annoying feature in Windows that would just catch Cain & … Continue reading Suck it, Windows Defender.