Search Results

If a user has an active logon session on Azure or M365, the browser stores a cookie called ESTSAUTH cookie which can be exposed or stolen from the browser cache, a memory dump of running processes, malicious browser extensions and the Chrome cookies file. The ...

ADCS is made of these main components CA: Certification Authority, an entity that issues and manages certificates. There can be multiple CAs, organized in a hierarchy to add more layers of "movement" between the end user and the main CA Certificate Templates:...

Managed Identities are a type of Service Principal and they are used by applications to obtain tokens for authentication without need to manage credentials. We'll see how a misconfigured Managed Identity can allow an attacker to access resources in the same re...

This section is highly dependent on the Abusing Managed Identities module so i recommend checking that out first and then coming back to this ʕ •ᴥ•ʔ The setup is the same and the attack assumes you compromised a Linux-based VM and we can use it to execute comm...

While owning users and devices in AAD environments, it's good practice to look out for permissions like Microsoft.KeyVault/vaults/read # read keys in a vault Microsoft.KeyVault/vaults/secrets/read # read the plaintext passwords in...

Whenever a child domain (child.domain.com) is added to a forest, the event automatically creates a transitive and bidirectional trust with the parent domain (domain.com). PS C:\users\otter\desktop> Get-ADTrust -Filter * Direction : BiDirectional...

A one-way inbound trusts looks like this PS C:\users\otter\desktop> Get-DomainTrust SourceName      : trusteddomain.com TargetName      : trustingdomain.com TrustType       : WINDOWS_ACTIVE_DIRECTORY TrustAttributes : TrustDirection  : Inbound WhenCreated   ...

We are dealing with a one-way outbound trust when trustingdomain.com trusts trusteddomain.com so the users from the second domain are able to access the resources in the first one. Given that we have high-privilege access to trustingdomain.com we are able to "...

Recently, Microsoft announced their new AI Recall feature that will be enabled on a new hardware generation called Copilot+ PC. I won't bore you with the details as the topic has been vastly covered already in YouTube videos and other major information sources...

When authenticating into a Domain Controller using the Kerberos protocol, especially during a CTF, we've all encountered the infamous Kerberos Clock Skew error, it looks something like this: Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great) This er...