Collaborate Disseminate
An organization my friend works for was recently hacked, and the hackers published a file with over 100,000 names and passwords, including theirs. An IT person in the organization told me that the hackers seem to have found an encrypted fi… Continue reading Hacked list of AD logins and passwords
An Active Directory domain is deployed, a domain controller on Windows Server 2019. A computer with SQL Server 2016 is added to it, which is launched under the srv service account. The attacker has unprivileged access to this SQL Server fr… Continue reading Equivalence of UNC Path Injection and Kerberoasting Attacks on SQL Server
Attivo Networks announced the availability of a research report conducted by Enterprise Management Associates (EMA) which focuses on Active Directory (AD), exploring the obstacles and threats organizations face when protecting AD and how they adapt to … Continue reading Obstacles and threats organizations face when protecting AD
There are many articles out there stating that a user’s encrypted files are lost after an administrator resets the password of that user.
I tried:
Logged on as user (Domain User) with password 54321
created a file named test.txt on the de… Continue reading EFS-encrypted files not lost when domain admin resets password
In this post, I will show you how to join Windows Server 2022 Core to an Active Directory (AD) domain. So, if you are you looking for more wholesome Windows Server 2022 goodness, you came to the right place! Joining Windows Server Core to an Active Directory domain lets you manage the security of the […] Continue reading How to Join Windows Server 2022 Core to Active Directory
I’ve done a couple of boxes with bloodhound and found that I can’t just run bloodhound-python on every account I can find, even with username & password. What makes an account open to bloodhound-python? Is there a way to check if blood… Continue reading When can bloodhound-python be run on an account?
Is there any known legitimate reason that notepad.exe would make network connections to a domain controller? I observed this behavior. The first connection was to port 135 and the second was to one of the Microsoft RPC dynamic ports. In ad… Continue reading Any legitimate reason for notepad.exe to make network connections
I’m following this article to reproduce the EFS bug: https://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory/
My environment:
Windows 2016 AD (Hostname: W2016$)
Windows 2016 SRV01 (Runnin… Continue reading Trying to reproduce petitpotam exploit, got "KDC_ERROR_CLIENT_NOT_TRUSTED (62)" error
When I enter my domain admin user credentials into the RDP Window, does the Client also save my password hash?
Example:
Windows 10 Client -> Remote Desktop -> Enter Domain Admin User and Password -> Connect to Domain Controller or… Continue reading Are Credentials used in RDP cached on Client?
Unpacking the layers of a cyberattack is rarely a simple task. You need to analyze many potential entry points, attack paths, and data exfiltration tactics to reveal the scope of what took place—all while the culprits are potentially taking steps to co… Continue reading Finding and using the right cybersecurity incident response tools