Recently Updated Pages
NTLM Authenticated Services
NTLM and NetNTLM New Technology LAN Manager (NTLM) is the suite of security protocols used to au...
Trees, Forests and Trusts
So far, we have discussed how to manage a single domain, the role of a Domain Controller and how ...
Authentication Methods
When using Windows domains, all credentials are stored in the Domain Controllers. Whenever a user...
Group Policies
So far, we have organised users and computers in OUs just for the sake of it, but the main idea b...
Managing Computers
By default, all the machines that join a domain (except for the DCs) will be put in the container...
Conclusion
There are several different ways that we can persist in AD. Some of these techniques persist bett...
Persitence through Group Membership
If we don't want to tamper with SID histories, we can just add ourselves directly to AD groups fo...
Persistence through SID History
The Security IDentifiers (SIDs) have been discussed before. But for a recap, SIDs are used to tra...
Persistence through Certificates
A quick note here. The techniques discussed from this point forward are incredibly invasive and h...
La Focaccia
[!info] La recette permets de faire une petite focaccia. Prévoir environ 5 à 6 heures dans une p...
Kouign Amann
[!IMPORTANT] Cette recette se base sur la recette originale du président de l'association du Kou...
Persistence through Credentials
Congratulations weary traveler! After breaching AD, performing enumeration, and exploiting it all...
Exploiting Domain Trusts
Even though we have access to Tier 0 infrastructure, this is still not enough. We have only explo...
Exploiting AD Users
We have gotten quite far with our exploitation up to this point. We have full administrative acce...
Exploiting Kerberos Delegation
Next, we will take a look at Kerberos Delegation. When you talk about AD Delegation, this is usua...
Buffer Overflows
For this example, look at overflow-3 folder. Inside this folder, you’ll find the following C code...
Overwriting Function Pointers
For this example, look at the overflow- 2 folder. Inside this folder, you’ll notice the following...
Overwriting Variables
Now that we’ve looked at all the background information, let’s explore how the overflows actually...
Endianess
In the above programs, you can see that the binary information is represented in hexadecimal form...
Procedures Continued
The explanation assumes that the current point of execution is inside the calc function. In this ...