Alternative methods of becoming SYSTEM

For many pentesters, Meterpreter's getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever have wondered just how this works behind the scenes? In this post I will show the details of how this technique works, and explore a couple of methods which are not quite as popular, but may help evade detection on those tricky redteam engagements. Meterpreter's "getsystem" Most of you will have used the getsystem module in Meterpreter before. For those that haven't, getsystem is a module offered by the Metasploit-Framework which allows an adminis…

Read more »

Kerberos AD Attacks - More Roasting with AS-REP

This post continues with the series of tutorials looking at Kerberos and Active Directory attacks. If you have not had chance to review any of the previous posts in this series, I'd recommend checking them out: Kerberos AD Attacks - Kerberoasting Using machine account credentials during an engagement Setting Service Principal Names To Roast Accounts In this post we will be exploring another "roasting" method which involves exploiting a weak account configuration setting in Active Directory.. AS-REP Roasting. LAB Setup For this tutorial, our lab will be set up to consist of the severa…

Read more »

Defcon 25 in Review

Posted on

This year I attended Defcon for the second time. I live in the UK, so making it out to the US for this awesome conference is something that I look forward to throughout the year. As part of my day job I'm a penetration tester, and I actually found myself in Santa Clara the week before Defcon on an assessment. Due to some unique circumstances, I took what I think must be a record breaking detour back to Defcon. After checking out the local famous garages and technology spots, I was on a flight back to the UK: Landing in Manchester airport on the Monday, I was packed and ready to fly back over t…

Read more »