HADESS
Cyber Security Magic

Pwning the Domain: With Credentials EBook

Pwning the Domain: With Credentials

The “Pwning the Domain: With Credentials” article series is a comprehensive exploration of techniques attackers use to exploit Active Directory environments. Key findings include the importance of properly enumerating domain accounts with tools like BloodHound and PowerView, and the exploitation of vulnerabilities such as Kerberoasting and of coercion techniques like PetitPotam and PrinterBug, which can lead to privilege escalation. The series also covers specific vulnerabilities like PrivExchange, SamAccountName/NoPac, PrintNightmare, and Certifried, offering insights into their exploitation and their impact on domain security. It discusses techniques for escalating privileges to gain Domain Admin access, such as dumping NTDS and performing DCSync attacks, along with methods for escalating privileges within individual systems, including extracting credentials from LSASS, SAM/LSA, and DPAPI, token manipulation techniques, and recovering the default privileges set for Network Service and Local Service accounts. Overall, the series aims to empower defenders with the knowledge needed to protect their AD environments effectively.
