Silver & Golden Tickets

Now that we have seen how Kerberos works in Active Directory, we are going to explore the notions of Silver Ticket and Golden Ticket. To understand how they work, it is necessary to focus first on the PAC (Privilege Attribute Certificate).


Pass the Hash

During internal intrusion tests, lateral movement is an essential component for the auditor to seek information in order to elevate his or her privileges over the information system. The technique known as Pass the Hash is very widely used in this situation to become an administrator on a set of machines. We will detail here how this technique works.


Extract credentials from lsass remotely

In corporate penetration tests, lateral movement and elevation of privilege are two fundamental concepts for advancing and gaining control of the target. There are a multitude of ways to do one or the other, but today we will present a new technique for reading the content of an lsass dump remotely, significantly reducing latency and detection during password extraction on a set of machines.


BloodHound

BloodHound is a tool for visualizing an Active Directory environment as a graph. This representation then offers all the power of graph theory to unravel new attack paths that otherwise would have been difficult or impossible to detect.


Kerberos in Active Directory

Active Directory is a Microsoft solution used for Windows network management, and provides the following services:

  • Directory service (LDAP)
  • Authentication (Kerberos)
  • Name resolution (DNS)
  • Homogeneous software policy

In this article, we will focus on the authentication part within Active Directory, based on Kerberos.

Kerberos is a protocol that allows users to authenticate on the network, and access services once authenticated.


Deep Web & Dark Web

This is a very short article that aims to put things back in order. I’m often asked if I’ve ever been on the deep web, the dark web, or darknets without really understanding what they are, what the differences are, and so on. This article is not intended to be a study or an inventory, but rather to give a basic understanding of these terms. So here are a few lines to start explaining in five minutes what these terms imply.
