Is it possible to prevent Kerbrute from unauthenticated user enumeration in Active Directory?

Currently looking for a way to prevent unauthenticated user enumeration on a Domain Controller. This is a security precaution I’d like to implement, next to the existing measures taken to prevent unauthorized DC access.
Kerbrute states the fo…

Equivalence of UNC Path Injection and Kerberoasting Attacks on SQL Server

An Active Directory domain is deployed, a domain controller on Windows Server 2019. A computer with SQL Server 2016 is added to it, which is launched under the srv service account. The attacker has unprivileged access to this SQL Server fr…

I am trying to configure SingleSignOn (Kerberos) and get 2 error messages in the log. Even Google hasn’t heard of them

I am trying to activate SingleSignOn for a new browser-based application hosted on a server by us, which we implemented at work recently. The application works flawlessly, the only thing that doesn’t seem to work is the SingleSignOn servic…

How to gain code execution through access to CIFS service on Windows?

Is it possible to gain code execution on a machine through access to CIFS service? And if so, how? In my case, I have a valid Kerberos TGS to CIFS service running on a host and I am able to copy and download files. I want to get a shell au…