- Grow Your Own SCCM Lab!
The offensive usage of SCCM has become a big topic in recent months and years. In this article, I will cover the basics of SCCM and how to configure an … Continue reading Grow Your Own SCCM Lab! - Offensive SCCM Summary
This article aims to summarise the currently available tooling (August 2023), as well as the attack vectors which are present. My previous article covers the basics of SCCM and how … Continue reading Offensive SCCM Summary - BloodHound & Cypher Language
A look at the more complex features of BloodHound’s Cypher query language, with several examples of how it can be used to audit an environment. - BloodHound Basics
A quick primer on the basics of BloodHound, the well-known Active Directory auditing tool - Digging Into Mimikatz’s lsadump And sekurlsa
Mimikatz is a tool which has always surprised me with how many functions and features it has. In this post I dig into the lsadump and sekurlsa functions to see what all of the modules do. - AD CS – The ‘Certified Pre-Owned’ Attacks
A look at abusing digital certificates, leveraging ADCS. Featuring the famous THEFT5, ESC1 and ESC8 attacks found by SpecterOps - AD CS – What Can Be Misconfigured?
Introduction The aim of this post is to go into more detail on the attacks described within the excellent ‘Certified Pre-Owned’ blog post & whitepaper produced by SpecterOps. This post … Continue reading AD CS – What Can Be Misconfigured? - AD CS – The Basics
Delving into the basics of digital certificates within an Windows environment, better known as ADCS. Covering concepts as CSRs, EKUs and SANs