Defence
Ok that subject is massive…so this is a bit more of a targeted thought process to consider.
Each network is unique and technology deployments vary. One time I was in a network that was almost entirely Apple MacBooks and a door control panel…. which was ‘fun’.
So this is a general list of some things to consider if you have tech deployed such as:
Defence
Ok so here’s the thing, I do NOT like getting pwn3d! I think you probably would rather your organisation does not too!
What I really don’t want to occur is a ransomware event! They suck, they are like a digital bomb going off.
So I’ve knocked up a quick list to get people thinking (these are NOT all the vulnerabilities I networks you should care about.. but they are some that could lead to a ransomware event!)
Read more “What are the top Active Directory Security vulnerabilities I care about?”
Education
I’ve not slept well for the last week and my brain is hurting, so I thought I would see if I can take our lovely new SKYNET overload AI “CHATGPT” and make it do all my work for me!
A common vulnerability in systems like Active Directory is where a system administrator writes a password in the description field. So the easy answer to this is DO NOT DO THIS. However during penetration testing we want to check. There’s tons of ways to do this but I thought I’d ask our AI roboto to help, so let’s see!
Read more “Active Directory Enumeration with ChatGPT”
Defense
Ok so the other day “we” as a community put out some guidance around post active directory compromise actions for when you can’t simply nuke the forest from orbit. Well, following on from that a friend asked about how to restore AdminSDHolder permissions? Read more “How to restore AdminSDHolder Object Permissions using ADSIedit”
Guides
Ever needed to test active directory in a hurry? Well, here’s some common commands to test active directory domain services. In this post today we are going to focus on DNS and username enumeration, there are however a range of weaknesses you want to look for:
Port Scanning and Service Fingerprinting
nmap -p- -sC -sV -Pn -v -A -oA ecorp.local.txt 192.168.1.22
Read more “Rapid Active Directory Security Testing of Windows Server 2022 and Kali Linux”
CTF
Back in the early Active Directory days NULL bind was actually enabled by default, these days you can get a rootDSE NULL bind out of the box but on Windows Server 2019 you can even disable this!
So why would I want to enable NULL bind? Well, some legacy apps may need it but generally speaking you don’t want NULL bind enabled.
The lesson here is DO NOT copy what I am doing here! Simples! Read more “How to enable NULL Bind on LDAP with Windows Server 2019”