Humla Session on Red Teaming Active Directory
null Bangalore Humla, 04 May 2019
Red Teaming Active Directory
Agenda:
1) Lab setup
2) Post-exploitation in AD
3) Application Whitelist bypass methods

Requirements:
1) Server 2016/2019 installed in VirtualBox/VMware
2) Windows Enterprise installed in VirtualBox/VMware
(Please install the machines before attending to save time.)
3) Linux (preferably Kali or Parrot) installed in VirtualBox or as host OS
4) Basic internet access for random tools (mobile data would be fine)
5) C2 frameworks:
The session will be completely about post-exploitation, i.e. it assumes you already have a set of credentials or a hash for the user you're attacking.
I have provided a few references for obtaining the hash/credentials.

Post-exploitation in AD:
* AD setup
* Windows password management (SAM, NTDS.dit, lsass)
* SSP provider - wdigest
* Password spraying
* Widespread local Administrator password spray
* Execution methods - psexec, wmiexec, smbexec, atexec, winrm
Whitelist bypass methods:
* Intro to WMI, wbemtest, PowerShell and WMI
* Inline C# execution
* InstallUtil and csc
* Registration, unregistration and Janus behaviour
* Executing when cmd is blocked by creating a shortcut
* COM, registering DLLs, SCT files
* Using wscript files for code execution
* Using trusted scripts for executing code
If you want to learn more, explore these websites as they are/were maintained by experts in this domain.
I prefer day dreaming, I have better control over the narrative.
Starts on Saturday, May 04 2019, 09:30 AM. The session runs for about 8 hours.