Dumping Domain Password Hashes
It is very common during penetration tests where domain administrator access has been achieved to extract the passwo ...
作者专栏
SPN Discovery
Services that support Kerberos authentication require to have a Service Principal Name (SPN) associated to point use ...
Situational Awareness
A common step in the life-cycle of a red team engagement is to gather as much information is possible for the compro ...
Lateral Movement – WinRM
WinRM stands for Windows Remote Management and is a service that allows administrators to perform management tasks o ...
AppLocker Bypass – CMSTP
CMSTP is a binary which is associated with the Microsoft Connection Manager Profile Installer. It accepts INF files ...
NBNS Spoofing
Netbios Name Service (NBT-NS) is used in Windows networks for communication between hosts. Systems will use this ser ...
Lateral Movement – RDP
The Remote Desktop Protocol (RDP) is widely used across internal networks by Administrators. This allows systems own ...
Skeleton Key
The Skeleton Key is a malware which is stored in memory which allows an attacker to authenticate as any domain user ...
Dumping Clear-Text Credentials
Passwords in clear-text that are stored in a Windows host can allow penetration testers to perform lateral movement ...
Command and Control – JavaScript
There are a number command and controls tools that can use a variety fof methods in order to hide malicious traffic ...
