Skip to main content

Recently Updated Pages

OtterSec

The Team

I like otters... a lot ʕ •ᴥ•ʔ Currently focusing on honing my AD skills and recently got into AV/...

Updated 7 months ago by otter

Ressources

Abusing Active Directory Certificate Se...

SpecterOps https://specterops.io/wp-content/uploads/sites/3/2022/06/Certified_Pre-Owned.pdf ESC13...

Updated 7 months ago by BobBuilder

Recon

Windows Attacks and Enumerations

Windows recon Some commands are meant to be executed from a Sliver beacon but can easily be used ...

Updated 7 months ago by BobBuilder

Persistence

Windows Attacks and Enumerations

Persistence on Windows The commands that include execute-assembly have been executed from a Slive...

Updated 7 months ago by otter

Miscellaneous

Windows Attacks and Enumerations

User SID and RID In Active Directory, any group or user that Windows doesn't create has a RID of ...

Updated 7 months ago by BobBuilder

Kerberos Attacks

Windows Attacks and Enumerations

Kerberoasting Kerberoasting is an attack against service accounts that allows an attacker to perf...

Updated 7 months ago by BobBuilder

ESC12

Abusing Active Directory Certificate Se...

Updated 7 months ago by BobBuilder

SQL Injection

Web

Database enumeration MySQL SELECT GROUP_CONCAT(schema_name,',') FROM information_schema.schemata;...

One-Way Outbound Trust Abuse

Domain Trust Abuse

We are dealing with a one-way outbound trust when trustingdomain.com trusts trusteddomain.com so ...

Updated 7 months ago by otter

One-Way Inbound Trust Abuse

Domain Trust Abuse

A one-way inbound trusts looks like this PS C:\users\otter\desktop> Get-DomainTrust SourceName  ...

Updated 7 months ago by BobBuilder

Child/Parent Trust Abuse

Domain Trust Abuse

Whenever a child domain (child.domain.com) is added to a forest, the event automatically creates ...

Updated 7 months ago by BobBuilder

Attacking Key Vaults

Azure AD (AAD)

While owning users and devices in AAD environments, it's good practice to look out for permission...

Updated 7 months ago by otter

Virtual Machine Abuse

Azure AD (AAD)

This section is highly dependent on the Abusing Managed Identities module so i recommend checking...

Updated 7 months ago by otter

Abusing Managed Identities

Azure AD (AAD)

Managed Identities are a type of Service Principal and they are used by applications to obtain to...

Updated 7 months ago by otter

Introduction to ADCS

Abusing Active Directory Certificate Se...

ADCS is made of these main components CA: Certification Authority, an entity that issues and man...

Updated 7 months ago by otter

Pass the Cookie

Azure AD (AAD)

If a user has an active logon session on Azure or M365, the browser stores a cookie called ESTSAU...

Updated 7 months ago by otter

Pass the PRT

Azure AD (AAD)

This attack exploits devices with SSO enabled in hybrid Azure environments. PRTs can authenticate...

Updated 7 months ago by otter

Registering Fake Agents for Log Spoofing

Azure AD (AAD)

We talked about Spoofing AAD Logon logs as a ADFS administrator in [[15 - Spoofing Azure Sign-In ...

Updated 7 months ago by otter

Spoofing Azure Sign-In Logs

Azure AD (AAD)

In hybrid environments, every attacker with local administrator access can spoof AAD Sign-In even...

Updated 7 months ago by otter

Disabling Auditing (Unified Audit Logs)

Azure AD (AAD)

Azure's audit logs provide the vast majority of logging in the tenant and can be easily used to f...

Updated 7 months ago by otter