White Paper

In the ever-evolving landscape of cybersecurity, the tools and techniques employed by both defenders and attackers are constantly advancing. Among the myriad of tools available, Mimikatz stands out as a particularly powerful and versatile utility that has become a staple in the arsenals of both security professionals and malicious actors. Developed by Benjamin Delpy, Mimikatz…

Active Directory Certificate Services (AD CS) is a crucial component of enterprise security infrastructure, providing services for public key cryptography. However, misconfigurations and vulnerabilities within AD CS can be exploited for domain escalation, persistence, and certificate theft. These exploits leverage weaknesses in certificate templates, enrollment services, access control lists (ACLs), and other AD CS components….

Introduction SIM Swap attacks are well known to cybersecurity professionals. They allow an attacker to take control of the victim’s SIM card, enabling them to validate online payments or change the victim’s account passwords. This type of attack is widespread and has caused significant damage worldwide. Recently, in January 2024, the X account of the…

In the ongoing battle between attackers and defenders within the realm of cybersecurity, understanding and mitigating persistence techniques is paramount. “Pwning the Domain” is a comprehensive series dedicated to exploring various methods employed by malicious actors to maintain unauthorized access within Windows domain environments. This article focuses specifically on persistence techniques, shedding light on the…

Lateral movement in red teaming is all about moving between targets in the environment to reach the objective. Password When you find a password you can pass it to different services to check if you can get it. In this article we’ll be going through a few of them. WinRM WinRM is a management protocol…

When developing malware/red teaming tools, it’s often needed to dynamically execute code inside a program. For example executing python code inside a python file. The reason that it’s needed is for evasion, is because when the code is being loaded like that, it resides in memory so AV/EDR has more overhead when examining the process….

DACL abuse is about taking advantage of the DACL that is assigned to us on any object that we can abuse. Some mischief that can be done may be changing a user’s password, adding yourself to a group like Domain Admins, granting yourself full control over an object and many more. DACL abuse can be…

Pwning the Domain: Kerberos Delegation In this article we’ll talk about Kerberos Delegation and how to abuse it in various ways and escalate our privileges. What is Kerberos delegation? Kerberos delegation is a type of credential delegation that is used for securely delegating a user’s credential form a client application to a target server application….

The integration of Large Language Models (LLMs) into online platforms presents a double-edged sword, offering enhanced user experiences but also introducing security vulnerabilities. Insecure output handling is a prominent concern, where insufficient validation or sanitization of LLM outputs can lead to a range of exploits like cross-site scripting (XSS) and cross-site request forgery (CSRF). Indirect…

Domain Account After getting access to a domain account, there are a variety of things that can be done including but not  limited to: domain enumeration, Kerberoasting, coercion, etc. Enumeration There are many options for enumerating the domain once you have an account: BloodHound BloodHound is a go-to tool when it comes to enumeration in…

Reconnaissance Reconnaissance is an important step when engaging in a red teaming/penetration testing assessment. It may provide you the information you need later on while it may not seem so important in the meantime, For example you may stumble upon a username which you can make use of when brute forcing or using it in…