Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Tag: Invoke-ReflectivePEInjection

Jan 03 2016

How Attackers Dump Active Directory Database Credentials

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Technical Reference

I previously posted some information on dumping AD database credentials before in a couple of posts: “How Attackers Pull the Active Directory Database (NTDS.dit) from a Domain Controller” and “Attack Methods for Gaining Domain Admin Rights in Active Directory“. This post covers many different ways that an attacker can dump credentials from Active Directory, both …

500, 502, ActiveDirectorydatabase, Administrator, copy ntds.dit, CopyNTDS.dit, DCSync, DITSnapshotViewer, dumpActiveDirectory, DumpADCredentials, DumpADCreds, DumpCredentials, DumpCreds, Esentutl, Invoke-Mimikatz, Invoke-NinjaCopy, Invoke-ReflectivePEInjection, KRBTGT, lsadump::dcsync, lsadump::lsa, mimikatz, MimikatzDCSync, ntds.dit, ntdsutil, PassTheTicket, PowerShellRemoting, PowerSploit, sekurlsa::logonpasswords, VolumeShadowCopy, VSS, VSSNTDS.dit, WMI, WMIC, WMICPassTheTicket, WMIPTT

Nov 15 2014

Owning Networks and Evading Incident Response with PowerShell

By Sean Metcalf in Microsoft Security, PowerShell, Technical Reference

PowerShell provides an easy method to bypass antivirus and other protection methods: Up until several months ago, I was a member of a penetration test team tasked with compromising data centers and evading detection. Industry standard tools such as Metasploit (an attack toolkit that includes a backdoor named Meterpreter) and Mimikatz (a password dumper) …

Invoke-ReflectivePEInjection, Meterpreter, PowerShellMagazine, PowerSploit

Copyright

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2020.

Made with by Graphene Themes.

Tag: Invoke-ReflectivePEInjection

How Attackers Dump Active Directory Database Credentials

Owning Networks and Evading Incident Response with PowerShell

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright

Tag: Invoke-ReflectivePEInjection

How Attackers Dump Active Directory Database Credentials

Owning Networks and Evading Incident Response with PowerShell

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Tags

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright