RichAutomating Caching Credentials for Cyber RangesTL;DR howto automate caching credentials locally on Windows domain VMs in various places for cyber range purposes.17h ago
EricaZelicLDAP Queries for Offensive and Defensive OperationsThis article was originally written in July 2023 and was moved here in November 2024.Nov 8
RichAbusing MSSQLTL;DR howto setup & [mis]configure MSSQL for a range, how to enumerate it, and how to abuse it.Dec 3Dec 3
Giulio PierantoniA Practical Guide To RBCD ExploitationResource-Based Constrained Delegation is an interesting attack, in the right conditions it allows users to take control of computers and…Feb 241Feb 241
Jose CampoMaking Diamonds from coal: Expanding Kerberoasting Targets with GenericWriteGenericWrite privilege on an account can open up new AD pentesting possibilities by allowing you to create Kerberoasting targets from…Nov 17Nov 17
RichAutomating Caching Credentials for Cyber RangesTL;DR howto automate caching credentials locally on Windows domain VMs in various places for cyber range purposes.17h ago
EricaZelicLDAP Queries for Offensive and Defensive OperationsThis article was originally written in July 2023 and was moved here in November 2024.Nov 8
RichAbusing MSSQLTL;DR howto setup & [mis]configure MSSQL for a range, how to enumerate it, and how to abuse it.Dec 3
Giulio PierantoniA Practical Guide To RBCD ExploitationResource-Based Constrained Delegation is an interesting attack, in the right conditions it allows users to take control of computers and…Feb 241
Jose CampoMaking Diamonds from coal: Expanding Kerberoasting Targets with GenericWriteGenericWrite privilege on an account can open up new AD pentesting possibilities by allowing you to create Kerberoasting targets from…Nov 17
Giulio PierantoniADCS Exploitation Series — Part 2: Certificate Mapping + ESC15Certificate mapping is the process at the heart of multiple ADCS vulnerabilities, so I thought it would be appropriate to dedicate it its…Oct 101
Giulio PierantoniHow To DCSync a Samba DC (and maybe OpenLDAP)In a recent assessment I found myself in a domain where the only DC was a Samba server. While Samba allows the creation of a fully…Nov 15
Giulio PierantoniAttacking Group Managed Service Accounts (gMSA)Another day, another Active Directory feature to put under the microscope. This time it’s Group Managed Service Accounts. I’ll exaplain…Feb 17
