A Service Principal Name (SPN) is a unique identifier of a service instance. It is used to link an AD object (service accounts, users, computers etc.) with a service. It can be used as an alternative to a port scan in an Active Directory environment. Some common SPNs are: CIFS host HTTP https IMAP mongod […]
ADSISearcher (Part 2)
ADSISearcher is a class for searching for objects in Active Directory. It is part of .NET framework (System.DirectoryServices.DirectorySearcher) and van be accessed via PowerShell by creating object for the above class Example: $adsiSearcherObj = New-Object –TypeName System.DirectoryServices.DirectorySearcher takes the LDAP path to current domain by default Pass ADSI Directory Entry object type as ArgumentList to […]
AD Exploitation using ADSI – Part 1 (Introduction)
Active Directory Service Interfaces (ADSI) – A set of Component Object Model (COM) interfaces for managing Active Directory services. It can be utilized in several scripting and programming languages. Enables reading, adding and managing Active Directory Objects Part of .NET framework: System.DirectoryServices.DirectoryEntry (ADSI) System.DirectoryServices.DirectorySearcher (ADSISearcher) Can be accessed via PowerShell by creating objects for above […]
Active Directory User Enumeration using PowerView
PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool to gain network situational awareness on Windows domains. It is now a part of PowerSploit suite. You can download PowerView from here. As a pentester, you can leverage PowerView to find out information about domain users. Following commands will help you with that (watch the […]
Active Directory Network Recon using PowerView
Once you have compromised a machine in an Active Directory environment, the next thing you do is post-exploitation network recon. PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool to gain Active Directory network situational awareness on Windows domains. It is now a part of PowerSploit suite. You can download PowerView from here. Learn […]
Purple AD – Active Directory Lab Environment
Playing around with an Active Directory environment is fun. Whether we do it as sysadmin or security researcher, we need a lab environment to work with. The following video provides an overview of the AD lab I have built using my computer systems. I will be using this lab in further Purple AD posts to […]
Web App Pentesting using BodgeIt Store (Part 1)
This video shows how to set up the lab environment for this YCSC Let’s Learn series. It covers installing Docker on Kali Linux 2019.4, pulling and running the BodgeIt Store docker image from Docker Hub. A virtual image of Kali Linux could be downloaded from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ What is BodgeIt Store? A vulnerable web application aimed at […]
Steal Windows Credentials using a PDF File (NTLM Hash)
This video demonstrates the recently discovered NTLM hash leak vulnerability via the PDF files. Uday MittalUday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity […]
Durpalgeddon2: Patch or Be Hacked
This video gives a brief overview of Drupal vulnerability, Drupalgeddon 2. It also shows how to exploit drupalgeddon2. Uday MittalUday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. […]
Are you sharing sensitive information over WhatsApp?
Disclaimer: The views/opinions/arguments expressed here are solely those of the author and contributors, as named therein, in their private capacity and do not in any way represent the views of any entity of the Indian Government or any private organization(s) they are associated with. The views/opinions/arguments of the contributors are re-produced here with due permission. […]