A look at the more complex features of BloodHound's Cypher query language, with several examples of how it can be used to audit an environment.
Category: Active Directory
BloodHound Basics
A quick primer on the basics of BloodHound, the well-known Active Directory auditing tool.
Digging Into Mimikatz’s lsadump And sekurlsa
Mimikatz is a tool which has always surprised me with how many functions and features it has. In this post I dig into the lsadump and sekurlsa functions to see what all of the modules do.
AD CS – The ‘Certified Pre-Owned’ Attacks
Overview: This post will cover the attacks detailed in the whitepaper produced by SpecterOps. The most well-known of these is the 'ESC8' attack, where a standard domain user can escalate to Domain Admin, given a vulnerable environment. If AD CS is a new concept to you, then I have a post covering the basics, …
AD CS – What Can Be Misconfigured?
Introduction: The aim of this post is to go into more detail on the attacks described within the excellent 'Certified Pre-Owned' blog post & whitepaper produced by SpecterOps. This post will show how to configure a test environment which is vulnerable to the attacks they describe. If you are unfamiliar with AD CS, I have …
AD CS – The Basics
Introduction: This post will cover the basics of Active Directory Certificate Services (AD CS) and how we can use certificates for offensive security. I have two other posts on this subject: the first covers some of the dangerous misconfigurations, and the second covers how we can actually perform the attacks. For those unfamiliar, AD CS …