Recently Updated Pages
Conclusion
There are several different ways that we can persist in AD. Some of these techniques persist bett...
Persistence through Group Membership
If we don't want to tamper with SID histories, we can just add ourselves directly to AD groups fo...
Persistence through SID History
The Security IDentifiers (SIDs) have been discussed before. But for a recap, SIDs are used to tra...
Persistence through Certificates
A quick note here. The techniques discussed from this point forward are incredibly invasive and h...
La Focaccia
[!info] This recipe makes a small focaccia. Allow about 5 to 6 hours in a p...
Kouign Amann
[!IMPORTANT] This recipe is based on the original recipe of the president of the association of Kou...
Persistence through Credentials
Congratulations weary traveler! After breaching AD, performing enumeration, and exploiting it all...
Exploiting Domain Trusts
Even though we have access to Tier 0 infrastructure, this is still not enough. We have only explo...
Exploiting AD Users
We have gotten quite far with our exploitation up to this point. We have full administrative acce...
Exploiting Kerberos Delegation
Next, we will take a look at Kerberos Delegation. When you talk about AD Delegation, this is usua...
Buffer Overflows
For this example, look at the overflow-3 folder. Inside this folder, you’ll find the following C code...
Overwriting Function Pointers
For this example, look at the overflow-2 folder. Inside this folder, you’ll notice the following...
Overwriting Variables
Now that we’ve looked at all the background information, let’s explore how the overflows actually...
Endianness
In the above programs, you can see that the binary information is represented in hexadecimal form...
Procedures Continued
The explanation assumes that the current point of execution is inside the calc function. In this ...
x86-64 Procedures
A program usually consists of multiple functions, and there needs to be a way of tracking wh...
Process Layout
When a program runs on a machine, the computer runs the program as a process. Current computer ar...
Conclusion
In this room, we have discussed the many ways an attacker can move around a network once they hav...
Moving Laterally Using WMI
We can also perform many techniques discussed in the previous task differently by using Windows M...
Conclusion
A significant number of attack avenues can be followed to breach AD. We covered some of those com...