Recent Active Directory Posts

  • Grow Your Own SCCM Lab!
    The offensive usage of SCCM has become a big topic in recent months and years. In this article, I will cover the basics of SCCM and how to configure an SCCM lab from scratch. I also have another article which shows the currently known attack vectors involving SCCM. As with every article on SCCM, let's … Continue reading Grow Your Own SCCM Lab!
  • Offensive SCCM Summary
    This article aims to summarise the currently available tooling (August 2023), as well as the attack vectors which are present. My previous article covers the basics of SCCM and how to configure an SCCM lab from scratch. In summary, I believe the SCCM attack surface is currently not especially well understood or covered by most … Continue reading Offensive SCCM Summary
  • BloodHound & Cypher Language
    A look at the more complex features of BloodHound’s Cypher query language, with several examples of how it can be used to audit an environment.
  • BloodHound Basics
    A quick primer on the basics of BloodHound, the well-known Active Directory auditing tool
  • Digging Into Mimikatz’s lsadump And sekurlsa
    Mimikatz is a tool which has always surprised me with how many functions and features it has. In this post I dig into the lsadump and sekurlsa functions to see what all of the modules do.
  • AD CS – The ‘Certified Pre-Owned’ Attacks
    A look at abusing digital certificates, leveraging ADCS. Featuring the famous THEFT5, ESC1 and ESC8 attacks found by SpecterOps
  • AD CS – What Can Be Misconfigured?
    Introduction: The aim of this post is to go into more detail on the attacks described within the excellent ‘Certified Pre-Owned’ blog post & whitepaper produced by SpecterOps. This post will show how to configure a test environment which is vulnerable to the attacks they describe. If you are unfamiliar with AD CS, I have … Continue reading AD CS – What Can Be Misconfigured?
  • AD CS – The Basics
    Delving into the basics of digital certificates within a Windows environment, better known as ADCS. Covering concepts such as CSRs, EKUs and SANs.