lab-purple-team

Lab Purple Team - Active Directory !screenshots/wazuhsecu...

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense By Maulik Maheta and Chao Sun · April 14, 2026 Executive summary A DCSync attack is one of the most formidable techniques an adversary can deploy after gaining a foothold in an Active Directory AD environmen...

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making ...

New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against...

Kerberos Silver/Golden/Diamond/Sapphire Ticket Forging

This module forges a Kerberos ticket. Four different techniques can be used: - Silver ticket: Using a service account hash, craft a ticket impersonating any user and privileges to that account. - Golden ticket: Using the krbtgt hash, craft a ticket impersonating any user and privileges. - Diamond...

Unpatched Systems Vulnerable to Spoofed Linked Certificates in KDC

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Windows Server provides Public Key Infrastructure PKI technology to enable capabilities such as Encrypting File System EFS, domain authentication, digital signatures, and email security. Misconfiguration...

Active-Directory-Exploitation-Cheat-Sheet

This is a cheat sheet for Windows Active Directory exploitation, containing common enumeration and attack methods. The repository is a collection of PowerShell scripts and modules that can be used to perform various attacks on Active Directory, including domain enumeration, lateral movement, and...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in several components of Windows. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Obtaining elevated privileges Execution of arbitrary code Accessing sensitive data The...

Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory

mimikatz is a tool I've made to learn C and make somes experiments with Windows security. It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...

Windows Escalate Golden Ticket

This module will create a Golden Kerberos Ticket using the Mimikatz Kiwi Extension. If no options are applied it will attempt to identify the current domain, the domain administrator account, the target domain SID, and retrieve the krbtgt NTLM hash from the database. By default the well-known...