Tag Archive: ADForest

Aug 07

Kerberos Golden Tickets are Now More Golden

At my talk at Black Hat USA 2015, I highlighted new Golden Ticket capability in Mimikatz (“Enhanced Golden Tickets”). This post provides additional detailed on “enhanced” Golden Tickets. Over the past few months, I researched how SID History can be abused in modern enterprises. As part of this research, I reached out to Benjamin Delpy, …

Continue reading »

Sep 02

PowerShell: Using Active Directory .Net methods in PowerShell Part 2

Powershell has the incredible ability to run some .Net methods natively.  Some of this data can also be gathered using AD commandlets. Read Part 1 for others. Here are a few of my favorites. Get a Computer’s Site: [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()   Get a User’s Domain: [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name   Get a Computer’s Domain:  [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Name List Active Directory FSMOs: …

Continue reading »