domain escalation from a low-privileged user to a domain admin Petitpotam is a vulnerability that allows a domain user to take over domain controllers through triggering authentications using the MS-EFSRPC protocol. The vulnerability lies in the insufficient path checks in the EfsRpcOpenFileRaw function of the EFSRPC API that allows an…

Trust this user/computer for delegation to specified services only Delegation is the act of giving someone authority or responsibility to do something on behalf of someone else. …

Abuse Active Directory domain trusts for privilege escalation to Enterprise Admin In the previous post about enumerating domain trusts, we discussed trust relationships between domains and forests. …

Trust this user/computer for delegation to any service Delegation is the act of giving someone authority or responsibility to do something on behalf of someone else. …

Forge Service Tickets (TGS) with Kerberoasting MITRE ATT&CK ID: T1558.003, Active HTB machine Today, we will discuss an old and well-known attack against Kerberos authentication during an Active Directory pentesting assessment called Kerberoasting. We will go over the attack overview, prerequisites, and the steps needed to conduct the attack. …

Lateral Movement Attack in Active Directory Environment, MITRE ATT&CK — ID: T1550.00 After compromising a domain user on the network, the next step is to gather all usernames, hashes, sensitive information, and anything that helps pivot to other machines within the network. …

Understanding Active Directory trusts within domains and forests using PowerView Domain Trusts are relationships that allow communications between domains within one forest or multiple forests. In an Active Directory environment, these relationships allow users and groups to share resources within the organization’s networks. Some trusts are generated automatically, like Parent-Child…

Understanding Active Directory Controls — ACLs, ACEs, DACLs, and SACLs Access Controls are a set of permissions given to an object. In an active directory environment, an object is an entity that represents an available resource within the organization’s network, such as domain controllers, users, groups, computers, shares, etc. …

Java JNDI Injection, Log4J library, Log4Shell — CVE-2021–44228 Last Thursday, a vulnerability was disclosed in the Log4J logging library affecting many Java Applications worldwide. …