Featured

Offensive Lateral Movement

Lateral movement is the process of moving from one compromised host to another. Penetration testers and red teamers alike commonly used to accomplish this by executing powershell.exe to run a base64 encoded command on the remote host, which would return a beacon. The problem with this is that offensive PowerShell is not a new concept […]

Featured

Penetration Testing Active Directory, Part II

In the previous article, I obtained credentials to the domain three different ways. For most of this part of the series, I will use the rsmith user credentials, as they are low-level, forcing us to do privilege escalation. Privilege escalation in Windows can of course come from a missing patch or unquoted service paths, but … Continue reading Penetration Testing Active Directory, Part II

Penetration Testing Active Directory, Part I

I've had several customers come to me before a pentest and say they think they're in a good shape because their vulnerability scan shows no critical vulnerabilities and that they're ready for a pentest, which then leads me to getting domain administrator in fifteen minutes by just exploiting misconfigurations in AD. One of the lapses … Continue reading Penetration Testing Active Directory, Part I