Recently Updated Pages
OtterSec
I like otters... a lot ʕ •ᴥ•ʔ Currently focusing on honing my AD skills and recently got into AV/...
Resources
SpecterOps https://specterops.io/wp-content/uploads/sites/3/2022/06/Certified_Pre-Owned.pdf ESC13...
Recon
Windows recon Some commands are meant to be executed from a Sliver beacon but can easily be used ...
Persistence
Persistence on Windows The commands that include execute-assembly have been executed from a Slive...
Miscellaneous
User SID and RID In Active Directory, any group or user that Windows doesn't create has a RID of ...
Kerberos Attacks
Kerberoasting Kerberoasting is an attack against service accounts that allows an attacker to perf...
ESC12
SQL Injection
Database enumeration MySQL SELECT GROUP_CONCAT(schema_name,',') FROM information_schema.schemata;...
One-Way Outbound Trust Abuse
We are dealing with a one-way outbound trust when trustingdomain.com trusts trusteddomain.com so ...
One-Way Inbound Trust Abuse
A one-way inbound trust looks like this: PS C:\users\otter\desktop> Get-DomainTrust SourceName ...
Child/Parent Trust Abuse
Whenever a child domain (child.domain.com) is added to a forest, the event automatically creates ...
Attacking Key Vaults
While owning users and devices in AAD environments, it's good practice to look out for permission...
Virtual Machine Abuse
This section is highly dependent on the Abusing Managed Identities module so I recommend checking...
Abusing Managed Identities
Managed Identities are a type of Service Principal and they are used by applications to obtain to...
Introduction to ADCS
ADCS is made of these main components: CA: Certification Authority, an entity that issues and man...
Pass the Cookie
If a user has an active logon session on Azure or M365, the browser stores a cookie called ESTSAU...
Pass the PRT
This attack exploits devices with SSO enabled in hybrid Azure environments. PRTs can authenticate...
Registering Fake Agents for Log Spoofing
We talked about Spoofing AAD Logon logs as an ADFS administrator in [[15 - Spoofing Azure Sign-In ...
Spoofing Azure Sign-In Logs
In hybrid environments, every attacker with local administrator access can spoof AAD Sign-In even...
Disabling Auditing (Unified Audit Logs)
Azure's audit logs provide the vast majority of logging in the tenant and can be easily used to f...