Collaborate Disseminate
SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available fo… Continue reading Open-source penetration testing tool BloodHound CE released
PowerShell is a powerful scripting language for many reasons. One such reason is its support for conditional logic, which can help you supercharge your PowerShell scripts to make them even more efficient and effective. In this article, I’m going to teach you how to use If, Else, and Elseif conditional logic and explain how this…
The post How to Use PowerShell If Statements to Add Conditional Logic to Your Scripts appeared first on Petri IT Knowledgebase.
Continue reading How to Use PowerShell If Statements to Add Conditional Logic to Your Scripts
I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM. Continue reading Anomaly detection in certificate-based TGT requests
I am connected to a Windows workstation with a basic domain user account.
I have downloaded and installed Powersploit. I have also tried with Powerview.
There is a command called Get-DomainObjectAcl. This command shows us ACL on AD objects… Continue reading Get exhaustive domain user rights on domain with Powerview/Powersploit
I am working with Sharphound / Bloodhound tools to create a "map" of my active directory domain. It works fine.
I have now a complex environment. There are multiple domains/forests. There is trust between them.
Is there a way to … Continue reading Sharphound / Bloodhound full enumeration
Assume I have physical access to a Windows computer connected to an Active Directory domain. The computer has cached credentials, but I am not logged in. Would it be possible to get the unencrypted credentials in a way other than decryptin… Continue reading Accessing cached credentials without password on physically accessible computer connected to AD
I recently spoke to Sean Deuby, who is Principal Technologist at Semperis and an Identity expert. Sean told me about the importance of protecting identities in the current landscape and how Identity Threat Detection and Response (ITDR) is a critical component of the Zero Trust security model. The emergence of cloud computing and the shift…
The post The Role of Identity Threat and Detection Response in Zero Trust Security appeared first on Petri IT Knowledgebase.
Continue reading The Role of Identity Threat and Detection Response in Zero Trust Security
I’m currently working on a lab for AD penetration testing and want some of the machines to have a logon, including the TGT, for a specific domain user cached. So far I couldn’t come up with anything better than using the Winlogon feature. … Continue reading simulating a domain user logon on machine startup
Last month, Google introduced passkey support for consumer Google accounts….
The post Google Workspace Introduces Passkey Support to Protect Users Against Phishing Attacks appeared first on Petri IT Knowledgebase.
Looking around I found some information regarding NTDS.dit encryption and I wanted to learn a little bit more around the BOOTKEY and whether this is rotated each boot up sequence or is just held static? Or is it changed every 30 days or so… Continue reading Encryption of NTDS.dit (BOOTKEY)