Phyo WaThone Win in InfoSec Write-ups | Full Lab Notes of Pass-the-Hash for Active Directory Pentesting | As a basic Active Directory (AD) pentester, I know you may find it challenging to differentiate between Pass-the-Hash (PtH) and… | Aug 22
Rich | Mimikatz Cheatsheet | TL;DR Mimikatz cheatsheet of things I have found useful in CRTP and the lab. | Aug 26, 2022
Phyo WaThone Win in InfoSec Write-ups | Creating a Vulnerable Active Directory Lab for Active Directory Penetration Testing | Vulnerable Active Directory (AD) refers to an Active Directory environment that is intentionally configured or set up with weaknesses… | Aug 20
Rich | Dumping Creds from Azure AD Connect | TL;DR howto dump plaintext credentials from an Azure AD Connect server, including both the ‘on prem’ AD account that can DCSync and the… | Jul 3, 2022
Rich | The Group Membership Property Set, even more arcane than the Self privilege | TL;DR explanation of the Group Membership Property Set, and how it allows a user to change a group’s membership. | Jun 18, 2023
Rich | Do not use ADUC to view LAPS passwords! | TL;DR if you use ADUC/RSAT to pull LAPS data you run the risk of a MITM. | Aug 3, 2021