Category Archive: Technical Reading

Nov 17

How Attackers Use Kerberos Silver Tickets to Exploit Systems

Usually Golden Tickets (forged Kerberos TGTs) get all the press, but this post is about Silver Tickets and how attackers use them to exploit systems. I have talked about how Silver Tickets can be used to persist and even re-exploit an Active Directory enterprise in presentations at security conferences this year. This post continues this …


Jul 15

It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts

In early 2015, I theorized that it’s possible to forge inter-realm (inter-trust) Kerberos tickets in a similar manner to how intra-domain TGTs (Golden Tickets) and TGSs (Silver Tickets) are forged. Around the same time, Benjamin Delpy updated Mimikatz to dump trust keys from a Domain Controller. Soon after, Mimikatz gained the capability to forge inter-realm trust …


Apr 12

SPN Scanning – Service Discovery without Network Port Scanning

The best way to discover services in an Active Directory environment is through “SPN Scanning.” The primary benefit of SPN scanning for an attacker over network port scanning is that SPN scanning doesn’t require connections to every IP on the network to check service ports. SPN scanning performs service discovery via LDAP queries to a …


Nov 11

Another SSL Attack: POODLE

SSL used to be the foremost method for securing web communications until around 1999 when TLS 1.0 was released. BEAST demonstrated inherent flaws in the aging SSL 3 protocol (RC4!). Now, POODLE demonstrates that SSL3 needs to be disabled on the client AND server side. Note that the chance of this specific issue being the …


Nov 08

Hack Attack Method Whitepapers

The best way to develop the best defense is to study the offense’s methods. Here are several recent reports that detail current modern network attacks: Mandiant APT Whitepaper; Microsoft Security Intelligence Report; Verizon Enterprise DBIR 2014. Trimarc helps companies and organizations improve their security to better protect against and detect attacks. Visit TrimarcSecurity.com for more …


Sep 22

PowerShell Filter Operators

Once you get used to PowerShell, you will want to do more and more with it. One of the keys to leveraging the power of PowerShell is filters. PowerShell commandlets all support filters (well, most of them anyway). This means you can drill down to resulting data subsets. If you run into commandlets that don’t …


Aug 25

Microsoft Enhanced Mitigation Experience Toolkit (EMET) 5 Protection Methods

The Microsoft Enhanced Mitigation Experience Toolkit (EMET) v5 security technology, which I outlined in a previous post, has several protection methods, which are detailed here. According to my sources at Microsoft 😉, EMET can be installed on workstations and servers (testing is always highly recommended before placing in production). Given the tremendous security improvements when …


May 06

Windows Server 2012 MCSM Reading List

Here’s a link to download the MCM/MCSM Directory Services Reading List document that I developed for the MCSM Directory Services (Windows Server 2012) program. It was created after the MCSM Directory Services (Windows Server 2012) test questions were written. It is based on the original one created for the MCM DS program provided to candidates. …


Apr 29

AD Reading: How Key Active Directory Components Work

The following links provide in-depth information on how key Active Directory components work: AD Data Store; Windows Server 2003 Active Directory Branch Office Guide; Bridgehead Server Selection (Windows 2008 R2); AD Replication Model; Certificate Revocation & Status Checking; Core Group Policy; DNS; How DNS Support for AD works; Windows 2000 DNS; DFS; Fine-Grained Password Policy …


Apr 29

AD Reading: Windows Server 2012 Active Directory Features

The following are extremely useful resources for Windows Server 2012 Active Directory Features: Windows 2012 Features; TechED: What’s New in Active Directory in Windows Server 2012 (Dean Wells’ presentation at TechEd); How many Windows Server 2012 domain controllers do I need initially and where should I put them?; PowerShell version 3 commandlets including Active …