Skip to main content

Recently Updated Pages

NTLM Authenticated Services

Red Team - Windows Active Directory - Breaching

NTLM and NetNTLM New Technology LAN Manager (NTLM) is the suite of security protocols used to au...

Updated 4 months ago by Arthur Reppelin

Trees, Forests and Trusts

Red Team - Windows Active Directory - Basics

So far, we have discussed how to manage a single domain, the role of a Domain Controller and how ...

Updated 4 months ago by Arthur Reppelin

Authentication Methods

Red Team - Windows Active Directory - Basics

When using Windows domains, all credentials are stored in the Domain Controllers. Whenever a user...

Updated 4 months ago by Arthur Reppelin

Group Policies

Red Team - Windows Active Directory - Basics

So far, we have organised users and computers in OUs just for the sake of it, but the main idea b...

Updated 4 months ago by Arthur Reppelin

Managing Computers

Red Team - Windows Active Directory - Basics

By default, all the machines that join a domain (except for the DCs) will be put in the container...

Updated 4 months ago by Arthur Reppelin

Conclusion

Red Team - Windows Active Directory - Persisting

There are several different ways that we can persist in AD. Some of these techniques persist bett...

Updated 4 months ago by Arthur Reppelin

Persitence through Group Membership

Red Team - Windows Active Directory - Persisting

If we don't want to tamper with SID histories, we can just add ourselves directly to AD groups fo...

Updated 4 months ago by Arthur Reppelin

Persistence through SID History

Red Team - Windows Active Directory - Persisting

The Security IDentifiers (SIDs) have been discussed before. But for a recap, SIDs are used to tra...

Updated 4 months ago by Arthur Reppelin

Persistence through Certificates

Red Team - Windows Active Directory - Persisting

A quick note here. The techniques discussed from this point forward are incredibly invasive and h...

Updated 4 months ago by Arthur Reppelin

La Focaccia

Recipes

[!info] La recette permets de faire une petite focaccia. Prévoir environ 5 à 6 heures dans une p...

Updated 4 months ago by Arthur Reppelin

Kouign Amann

Recipes

[!IMPORTANT] Cette recette se base sur la recette originale du président de l'association du Kou...

Updated 4 months ago by Arthur Reppelin

Persistence through Credentials

Red Team - Windows Active Directory - Persisting

Congratulations weary traveler! After breaching AD, performing enumeration, and exploiting it all...

Updated 4 months ago by Arthur Reppelin

Exploiting Domain Trusts

Red Team - Windows Active Directory - Exploiting

Even though we have access to Tier 0 infrastructure, this is still not enough. We have only explo...

Updated 4 months ago by Arthur Reppelin

Exploiting AD Users

Red Team - Windows Active Directory - Exploiting

We have gotten quite far with our exploitation up to this point. We have full administrative acce...

Updated 4 months ago by Arthur Reppelin

Exploiting Kerberos Delegation

Red Team - Windows Active Directory - Exploiting

Next, we will take a look at Kerberos Delegation. When you talk about AD Delegation, this is usua...

Updated 4 months ago by Arthur Reppelin

Buffer Overflows

Red Team - Buffer Overflows

For this example, look at overflow-3 folder. Inside this folder, you’ll find the following C code...

Updated 4 months ago by Arthur Reppelin

Overwriting Function Pointers

Red Team - Buffer Overflows

For this example, look at the overflow- 2 folder. Inside this folder, you’ll notice the following...

Updated 4 months ago by Arthur Reppelin

Overwriting Variables

Red Team - Buffer Overflows

Now that we’ve looked at all the background information, let’s explore how the overflows actually...

Updated 4 months ago by Arthur Reppelin

Endianess

Red Team - Buffer Overflows

In the above programs, you can see that the binary information is represented in hexadecimal form...

Updated 4 months ago by Arthur Reppelin

Procedures Continued

Red Team - Buffer Overflows

The explanation assumes that the current point of execution is inside the calc function. In this ...

Updated 4 months ago by Arthur Reppelin