Dumping Domain Password Hashes It is very common during penetration tests where domain administrator access has been achieved to extract the passwo ... 2018-07-04
SPN Discovery Services that support Kerberos authentication require a Service Principal Name (SPN) associated to point use ... 2018-06-04
Situational Awareness A common step in the life-cycle of a red team engagement is to gather as much information as possible for the compro ... 2018-05-28
Lateral Movement – WinRM WinRM stands for Windows Remote Management and is a service that allows administrators to perform management tasks o ... 2018-05-15
AppLocker Bypass – CMSTP CMSTP is a binary which is associated with the Microsoft Connection Manager Profile Installer. It accepts INF files ... 2018-05-10
NBNS Spoofing NetBIOS Name Service (NBT-NS) is used in Windows networks for communication between hosts. Systems will use this ser ... 2018-05-08
Lateral Movement – RDP The Remote Desktop Protocol (RDP) is widely used across internal networks by Administrators. This allows systems own ... 2018-04-24
Skeleton Key Skeleton Key is malware that resides in memory and allows an attacker to authenticate as any domain user ... 2018-04-10
Dumping Clear-Text Credentials Passwords in clear-text that are stored in a Windows host can allow penetration testers to perform lateral movement ... 2018-04-04
Command and Control – JavaScript There are a number of command and control tools that can use a variety of methods in order to hide malicious traffic ... 2018-01-08