I improve security for enterprises around the world working for TrustedSec & I am @PyroTek3 on Twitter. Read the About page (top left) for information about me. :) https://adsecurity.org/?page_id=8
Sean Metcalf
Author's posts
May 03 2015
Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory
Over the last 6 months, I have been researching forged Kerberos tickets, specifically Golden Tickets, Silver Tickets, and TGTs generated by MS14-068 exploit code (a type of Golden Ticket). I generated forged Kerberos tickets using Mimikatz (Mimikatz Command Reference) and MS14-068 exploits and logged the results. Over the course of several weeks, I identified anomalies …
Apr 12 2015
SPN Scanning – Service Discovery without Network Port Scanning
The best way to discover services in an Active Directory environment is through what I call “SPN Scanning.” The primary benefit of SPN scanning for an attacker over network port scanning is that SPN scanning doesn’t require connections to every IP on the network to check service ports. SPN scanning performs service discovery via LDAP …
Mar 22 2015
Bypassing EMET 5.2 Security Protection
While EMET 5.2 may only be about a week old, there is already information about one way tor bypassing one of EMET’s security protection methods. r41p41 posted information about ROP bypass in the latest EMET version, 5.2. TLDR: EMET 5.2 can be bypassed with ease by jumping past its hooks using simple ROP 19th March …
Mar 16 2015
Microsoft EMET 5.2 Now Available!
Microsoft Security Research and Defense blog posts that Microsoft EMET 5.2 is now available! Following is the list of the main changes and improvements: Control Flow Guard: EMET’s native DLLs have been compiled with Control Flow Guard (CFG). CFG is a new feature introduced in Visual Studio 2015 (and supported by Windows 8.1 and …
Feb 18 2015
Interesting KRBTGT Password Reset Behavior
Following up on Twitter conversations (@passingthehash, @scriptjunkie1, gentilkiwi, etc) on the new KRBTGT Password Reset Script and Skip Duckwall’s (@passingthehash) blog post on how KRBTGT password changes work. Microsoft KB2549833 states that the KRBTGT password is set automatically to a random string when a new password is entered. This occurs because there is special logic …
Feb 11 2015
MS15-011 & MS15-014: Microsoft Active Directory Group Policy (GPO) Vulnerabilities Patched
On February’s Patch Tuesday (2/11/2015), Microsoft released two patches that fix issues with the way Group Policy is processed by the client. Interestingly enough, one of these vulnerabilities (MS15-014) makes the other one (MS15-011) not only feasible, but quite capable. The Attack Scenario: An attacker leverages the vulnerability described in MS15-014 to prevent/stop Group Policy …
Feb 03 2015
Configuring Two-Factor Authentication for Web (Cloud) Services
Don’t want your web (cloud) account password to get hacked? Enable Two-Factor Authentication (aka two-step verification)! Google Account: Visit this site and follow the instructions to configure your cell phone as a second factor Step 1: You’ll enter your password Whenever you sign in to Google, you’ll enter your password as usual. Step 2: You’ll …
Jan 29 2015
ShmooCon 2015 Presentation Videos
ShmooCon2015 was held in Washington, DC from January 16th -18th, 2015. The ShmooCon 2015 videos are now posted: https://archive.org/details/shmoocon-2015-videos-playlist ShmooCon 2015 FireTalks Videos The complete list of all presentations at ShmooCon 2015 including video download links: Keynote Address: Joseph Lorenzo Hall https://archive.org/download/shmoocon-2015-videos-playlist/Keynote%20%5BSC2015%5D.mp4Joseph Lorenzo Hall is the Chief Technologist at the Center for Democracy & Technology, …
Jan 27 2015
Enabling Windows 8 Hyper-V for a Portable Lab
Installing Hyper-V: Requirement: Windows 8 Pro or Windows 8 Enterprise which include Client Hyper-V. Requirement: Your computer processor must support virtualization technology (VT), though most processors in the past 5 years support VT (pretty much all Intel i-series processors, i3, i5, i7). Enable virtualization technology (VT) on your computer’s processor by editing the BIOS settings …
Jan 23 2015
Shmoocon 2015 FireTalks Videos
The ShmooCon 2015 Presentation Videos are posted. The ShmooCon Firetalks (2015) are posted: Opening – @grecs PlagueScanner: An Open Source Multiple AV Scanner Framework – Robert Simmons (@MalwareUtkonos) I Hunt Sys Admins – Will Schroeder (@harmj0y) Collaborative Scanning with Minions: Sharing is Caring – Justin Warner (@sixdub) Chronicles of a Malware Hunter – Tony Robinson …
Recent Comments