Exploit for CVE-2020-0665

TrustFull For anyone with trust issues Active Directory...

Domain Escalation – Machine Accounts

The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password… Continue reading - Domain Escalation - Machine Accounts...

Domain Escalation – Machine Accounts

The pass the hash technique is not new and it was usually used for lateral movement on the network in scenarios where the administrator password… Continue reading - Domain Escalation - Machine Accounts...

Domain Persistence – Machine Account

Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation.… Continue reading - Domain Persistence - Machine Account...

Domain Persistence – Machine Account

Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation.… Continue reading - Domain Persistence - Machine Account...

Domain Escalation – sAMAccountName Spoofing

Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack… Continue reading - Domain Escalation - sAMAccountName Spoofing...

Domain Escalation – PrintNightmare

Printers are part of every corporate infrastructure therefore Windows environments they have a number of embedded drivers installed. The Print Spooler spoolsv.exe service is responsible… Continue reading - Domain Escalation - PrintNightmare...

Microsoft Exchange – Privilege Escalation

Harvesting the credentials of a domain user during a red team operation can lead to execution of arbitrary code, persistence and domain escalation. However information that is stored over emails can be highly sensitive for an organisation and therefore threat actors focus can be to exfiltrate dat...

Microsoft Exchange – ACL

During Microsoft Exchange installation a number of security groups are created in the Active Directory related to Exchange. Some of these groups are linked to each other and could allow domain escalation via abuse of access control lists. Specifically user accounts that are a member of Organisati...

Windows 2000 SIDHistory Escalation Attack

Russ, I know that this topic was brought up a few weeks ago, but we have been doing some research internally on this issue and have reached some disturbing conclusions. First of all, when Microsoft introduced the Windows 2000 domains within a forest structure, the domains were introduced as...