Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Tag: DSInternals

May 29 2020

Attacking Active Directory Group Managed Service Accounts (GMSAs)

By Sean Metcalf in ActiveDirectorySecurity, Hacking, Microsoft Security

In May 2020, I presented some Active Directory security topics in a Trimarc Webcast called “Securing Active Directory: Resolving Common Issues” and included some information I put together relating to the security of AD Group Managed Service Accounts (GMSA). This post includes the expanded version of attacking and defending GMSAs I covered in the webcast.I …

clear-text password, Computer Account, ConvertTo-NTHash, DSInternals, Get-ADReplAccount, Get-ADServiceAccount, GMSA, GMSA password, GMSA password hash, GMSA SPN, Group Managed Service Accounts, Kerberos, Kerberos SPN, LSASS, mimikatz, msDS-GroupManagedServiceAccount, msDS-GroupMSAMembership, msds-ManagedPassword, msDS-ManagedPasswordId, msDS-ManagedPasswordInterval, msDS-ManagePasswordInterval, PrincipalsAllowedToRetriveManagedPassword, PSEXEC, Sekurlsa::ekeys, sekurlsa::logonpasswords, service principal name, ServicePrincipalNames, SPN, SYSTEM, _SA_

Sep 25 2015

Mimikatz DCSync Usage, Exploitation, and Detection

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Security Conference Presentation/Video, Technical Reference

Note: I presented on this AD persistence method at DerbyCon (2015). A major feature added to Mimkatz in August 2015 is “DCSync” which effectively “impersonates” a Domain Controller and requests account password data from the targeted Domain Controller. DCSync was written by Benjamin Delpy and Vincent Le Toux. The exploit method prior to DCSync was …

DCE/RPC, DCSync, DCSyncAsUser, DCSyncRights, DetectDCSync, DomainControllerImpersonation, DRSUAPI, DSGetNCChanges, DSInternals, GSS-API, Impacket, ImpersonateDC, mimikatz, MimikatzDCSync, ReplicatingDirectoryChanges, ReplicatingDirectoryChangesALL, ReplicatingDirectoryChangesInFilteredSet

Copyright

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2020.

Made with by Graphene Themes.

Tag: DSInternals

Mimikatz DCSync Usage, Exploitation, and Detection

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Copyright

Tag: DSInternals

Attacking Active Directory Group Managed Service Accounts (GMSAs)

Mimikatz DCSync Usage, Exploitation, and Detection

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Tags

Copyright