The content in this post describes a method through which an attacker could persist administrative access to Active Directory after having Domain Admin level rights for about 5 minutes. Complete list of Sneaky Active Directory Persistence Tricks posts This post explores how an attacker could leverage existing admin rights and/or over-permissive delegation to gain persistence …
Tag: kerberoasting
Jan 29
Sneaky Persistence Active Directory Trick #18: Dropping SPNs on Admin Accounts for Later Kerberoasting
- AD Sneaky Persistence, attacking kerberos, Kerberoast, kerberoasting, Kerberos attack, Kerberos Ticket Cracking, KerberosRequestorSecurityToken, PowerShell Kerberoasting, RC4 TGS ticket, service principal name, sneaky persistence tricks, SPN, System.IdentityModel, TGS cracking, Write ServicePrincipalName
Recent Posts
- Attacking Read-Only Domain Controllers (RODCs) to Own Active Directory
- Securing Microsoft Active Directory Federation Server (ADFS)
- Gathering AD Data with the Active Directory PowerShell Module
- Beyond Domain Admins – Domain Controller & AD Administration
- Scanning for Active Directory Privileges & Privileged Accounts
Trimarc Active Directory Security Services
Have concerns about your Active Directory environment?
Trimarc helps enterprises improve their security posture.
Find out how... TrimarcSecurity.com
Popular Posts
- Attack Methods for Gaining Domain Admin Rights in…
- PowerShell Encoding & Decoding (Base64)
- Securing Windows Workstations: Developing a Secure Baseline
- The Most Common Active Directory Security Issues and…
- Building an Effective Active Directory Lab…
- Detecting Offensive PowerShell Attack Tools
- Securing Domain Controllers to Improve Active…
- Microsoft Local Administrator Password Solution (LAPS)
- Finding Passwords in SYSVOL & Exploiting Group…
- PowerShell Version 5 is Available for Download (again)
Categories
- ActiveDirectorySecurity
- Apple Security
- Cloud Security
- Continuing Education
- Entertainment
- Exploit
- Hacking
- Hardware Security
- Hypervisor Security
- Linux/Unix Security
- Malware
- Microsoft Security
- Mitigation
- Network/System Security
- PowerShell
- RealWorld
- Security
- Security Conference Presentation/Video
- Security Recommendation
- Technical Article
- Technical Reading
- Technical Reference
- TheCloud
- Vulnerability
Tags
Active Directory
ActiveDirectory
ActiveDirectoryAttack
ActiveDirectorySecurity
Active Directory Security
ADReading
ADSecurity
DCSync
DEFCON
DomainController
EMET5
GoldenTicket
HyperV
Invoke-Mimikatz
KB3011780
KDC
Kerberos
KerberosHacking
KRBTGT
LAPS
LSASS
MCM
MicrosoftEMET
MicrosoftWindows
mimikatz
MS14068
PassTheHash
PowerShell
PowerShellCode
PowerShellHacking
PowerShellv5
PowerSploit
Presentation
Security
SIDHistory
SilverTicket
SneakyADPersistence
SYSVOL
TGS
TGT
Windows7
Windows10
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2