Alternative methods of becoming SYSTEM

For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever have wondered just how this works behind the scenes? In this post I will show the details of how this technique works, and explore a couple of methods which are not quite as popular, but may help evade detection on those tricky redteam engagements. Meterpreter's "getsystem" Most of you will have used the getsystem module in Meterpreter before. For those tha... Read More »

Kerberos AD Attacks - More Roasting with AS-REP

In this post we will be exploring another "roasting" method which involves exploiting a weak account configuration setting in Active Directory.. AS-REP Roasting.... Read More »

Defcon 25 in Review

This year I attended Defcon for the second time. I live in the UK, so making it out to the US for this awesome conference is something that I look forward to throughout the year. As part of my day job I'm a penetration tester, and I actually found myself in Santa Clara the week before Defcon on an assessment. Due to some unique circumstances, I took what I think must be a record breaking detour back to Defcon. After checking out the local famous garages and technology spots, I was on a flight b... Read More »

Setting Service Principal Names To Roast Accounts

As a continuation of our previous post, we wanted to discuss another technique that can help during an red team engagement where the intention is to usually stay under the radar when compromising high value accounts.... Read More »

Using machine account credentials during an engagement

Of the many advancements in red teaming over the last 12 months, the development of BloodHound has provided a monumental step forward and is quickly becoming an essential tool in the arsenal of an attacker.... Read More »