27 matches found
lab-purple-team
Lab Purple Team - Active Directory
The Ghost SPN Attack: Catching Stealthy Kerberoasting Before It's Too Late Using Trellix NDR
The Ghost SPN Attack: Catching Stealthy Kerberoasting Before It's Too Late Using Trellix NDR By Maulik Maheta and Henry Bernabe · March 23, 2026 Executive summary As organizations adopt an identity-first security posture, adversaries are increasingly exploiting the "identity fabric" using...
challenge-yourself-level-1
Attack Path Lab
challenge-lab-ASCP
AD Attack Path Lab A complete Active Directory attack simulat...
denkair-lab
DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...
When SPNs Go Rogue: Detection and Remediation with Trellix NDR
When SPNs Go Rogue: Detection and Remediation with Trellix NDR By Maulik Maheta and Henry Bernabe · February 10, 2026 Executive summary Service Principal Names (SPNs) are essential for Kerberos authentication in Active Directory (AD), but misconfigurations, such as assigning SPNs to standard user...
Microsoft Is Finally Killing RC4
After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. One of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard...
HackTheBox-Penetration-Testing-Methodology
HackTheBox Penetration Testing Methodology by 9mmpterodacty...
Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security
Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making ...
Microsoft Still Uses RC4
Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system...
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks. "Without timely action,...
Kerberoasting Detections: A New Approach to a Decade-Old Challenge
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It's because existing detections rely on brittle heuristics and static rules, which don't hold up for detecting potential attack patterns in highly variable...
Exploit for Use of Password Hash With Insufficient Computational Effort in Redhat Enterprise_Linux
CVE-2024-3183-POC POC for CVE-2024-3183 FreeIPA Roasting Imp...
Ongoing Social Engineering Campaign Refreshes Payloads
Executive Summary On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7. Rapid7 observed a meaningful shift in the tools used by th...
Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2
Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah Executive summary In part 1 of this series, we discussed in depth the known lateral movement attacks like abusing weak service...
Infra Used in Cisco Hack Also Targeted Workforce Management Solution
The attack infrastructure used to target Cisco in the May 2022 incident was also employed against an attempted compromise of an unnamed workforce management solutions holding company a month earlier in April 2022. Cybersecurity firm eSentire, which disclosed the findings, raised the possibility...
PT-2022-2476
Active Directory Domain Services and Certificate Services (affected versions not specified) Description: This issue involves an elevation of privilege vulnerability affecting Active Directory Domain Services and Certificate Services. Successful exploitation allows attackers to impact the system and...
ADReaper - A Fast Enumeration Tool For Windows Active Directory Pentesting Written In Go
ADReaper is a tool written in Golang which enumerates an Active Directory environment with LDAP queries within a few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with...
targetedKerberoast - Kerberoast With ACL Abuse Capabilities
targetedKerberoast is a Python script that can, like many others (e.g. GetUserSPNs.py), print "kerberoast" hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one (abuse of a write permission on the...
AD Starter Scan - Kerberoasting
Binary data adsikerberoasting.nbin...