Browsed by
Tag: Domain Admins

Lateral Movement with CrackMapExec

Lateral Movement with CrackMapExec

In the previous post, we explored how attackers can use Mimikatz to automatically escalate privileges to Domain Admins using Empire and DeathStar. In this post, I will take a look at another open-source tool that leverages Mimikatz to harvest credentials and move laterally through an Active Directory environment: CrackMapExec. Self-described as a “swiss army knife for pentesting networks”, CrackMapExec is a Python-based utility that is geared towards evaluating and exploiting weaknesses in Active Directory security. This approach involves gathering credentials…

Read More Read More

Top 10 Ways to Identify and Detect Privileged Users by Randy Franklin Smith

Top 10 Ways to Identify and Detect Privileged Users by Randy Franklin Smith

Privileged users are the penultimate goal of cyberattacks. Once attackers have privileged access, it’s only a small step to the information they want to steal. Cybercriminals leverage tools such as malware and phishing scams to gain a foothold within your organization, looking for ways to access and utilize credentials. In “wash, rinse, repeat” fashion, attackers patiently claw and scrape their way from first gaining access to a low-level local account all the way up to getting the highest privileged accounts…

Read More Read More

Performing Domain Reconnaissance Using PowerShell

Performing Domain Reconnaissance Using PowerShell

AD Attack #1 – LDAP Reconnaissance The first thing any attacker will do once he gains a foothold within an Active Directory domain is to try to elevate his access. It is surprisingly easy to perform domain reconnaissance using PowerShell, and often without any elevated privileges required. In this post, we will cover a few of the different ways that PowerShell can be used by attackers to map out your environment and chose their targets. The Basics of Reconnaissance using…

Read More Read More