Featured

Penetration Testing Active Directory, Part II

In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation. Privilege escalation in Windows can of course come from a missing patch or unquoted service paths, but … Continue reading Penetration Testing Active Directory, Part II

Featured

Penetration Testing Active Directory, Part I

I've had several customers come to me before a pentest and say they think they're in a good shape because their vulnerability scan shows no critical vulnerabilities and that they're ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD. One of the lapses … Continue reading Penetration Testing Active Directory, Part I

Active Directory Assessment and Privilege Escalation Script 2.0

Featured

  I take absolutely no credit for the modules used in this script. A massive thanks to Tim Medin, Kevin Robertson, Marcello Salvati, Will Schroeder and the rest of the team at Specter Ops for the modules used in this script. Finally, thanks to Daniel Bohannon for writing Invoke-Obfuscation, which was used to obfuscate all … Continue reading Active Directory Assessment and Privilege Escalation Script 2.0

The Rise of C# and using Kali as a C2 Server with SILENTTRINITY

There's been a disturbance in pentesting, have you felt it? More mature environments have finally caught on that Powershell can be used for malicious gains and pentesters could own your domain with a few Powershell commands, so admins have began to lock it down, EDRs have began to alert, and thus the saying goes, necessity … Continue reading The Rise of C# and using Kali as a C2 Server with SILENTTRINITY