All articles tagged as:

active directory

Azure AD Connect for Red Teamers

With clients increasingly relying on cloud services from Azure, one of the technologies that has been my radar for a while is Azure AD. For those who have not had the opportunity to work with this, the concept is simple, by extending authentication beyond on-prem Active Directory, users can authenticate with their AD credentials against Microsoft services such as Azure, Office365, Sharepoint, and hundreds of third party services which support Azure AD.If we review the available documentation, Microsoft show a number of ways in which Azure AD can be configured to integrate with existing Active…

Read more »

Kerberos AD Attacks - More Roasting with AS-REP

This post continues with the series of tutorials looking at Kerberos and Active Directory attacks. If you have not had chance to review any of the previous posts in this series, I'd recommend checking them out: Kerberos AD Attacks - Kerberoasting Using machine account credentials during an engagement Setting Service Principal Names To Roast Accounts In this post we will be exploring another "roasting" method which involves exploiting a weak account configuration setting in Active Directory.. AS-REP Roasting. LAB Setup For this tutorial, our lab will be set up to consist of the severa…

Read more »

Kerberos AD Attacks - Kerberoasting

Recently I've been trying to make sure that my redteam knowledge is up to date, exploring many of the advancements in Active Directory Kerberos attacks... and there have been quite a few! I finally found some free time this week to roll up my sleeves and dig into the internals of some of these attacks, and hopefully document them for other people to learn. This post is the first in a series aimed at explaining what is happening under the hood when you execute your favourite Powerview or Mimikatz command to attack Active Directory via Kerberos, and hopefully giving people some other methods or…

Read more »