Sean Metcalf Path for AD
#spnscanning
#FIM Forefront Identity Manager
#spnscanning for service accounts
What do we do with this information? Attack it.
1 > #Cracking service account passwords #kerberoast
2 > #exploiting group policy preferences.
	  \\<DOMAIN>\SYSVOL\<DOMAIN>\Policies\
			Pivoting with local admin
3 > #Mimikatz 
		Dump Credentials
		Dump Kerberos Tickets
		Credential Injection
		Generate Silver and/or Golden tickets
#DumpCredentials
		Get access to the NTDS.dit file & extract data
		Dump creds on DC (Local or remote)
	#Dump LSASS process memory
	#NTDSUtil
	#Dump password hashes from NTDS.dit
	#KekeoTOOL [DA rights + DCSync]
#Sneaky AD persistence Tricks
	+ DSRM
	+ SSP
	+ Skeleton key
	+ Sid History
	+ Custom WMI Provider
	+ PowerShell Empire
	+ Kerberos Ticket Forging
	+ Local policy
	+ logon scripts
	+ Group Policy
	+ scheduled tasks
	+ WMI
	+ Output | SYSVOL
