GUI/Graph Queries Find All Users with an SPN/Find all Kerberoastable Users MATCH (n:User)WHERE n.hasspn=trueRETURN n Find All Users with an SPN/Find all Kerberoastable Users with
Offensive Lateral Movement
Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base64 encoded command on the remote host, which would return a beacon. The problem with this is that offensive PowerShell is not a new concept […]
Kerberosity Killed the Domain: An Offensive Kerberos Overview
Kerberos is the preferred way of authentication in a Windows domain, with NTLM being the alternative. Kerberos authentication is a very complex topic that can
Attacking Azure, Azure AD, and Introducing PowerZure
Over the past decade, Azure’s presence in businesses has grown significantly as new features and support were added to Azure. The purpose of this article
CypherDog Cheatsheet
Bloodhound is a phenominal tool that should be in every pentester’s toolkit, as it literally graphs an attack plan, but that also means that it’s
Penetration Testing Active Directory, Part II
In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the
