CTF
If we have high privilege access to a domain, we will likely want to establish persistence with high privilege access. One mechanism to do this is to assign ourselves permissions to the adminSDHolder object in active directory:
Here we have the default adminSDHolder permissions. We are going to add our user “low” in here with modify or full control permissions: Read more “Abusing AdminSDHolder to enable a Domain Backdoor”
CTF
Some hashes are obvious but even then, it’s a good job to check. There are a few ways to check a hash outside of manual validation.
Using the Hashcat example list:
https://hashcat.net/wiki/doku.php?id=example_hashes
Using hash-identifier:
https://github.com/blackploit/hash-identifier
Using cyberchef Analyse hash:
https://gchq.github.io/CyberChef/#recipe=Analyse_hash()
Using hash-id:
https://github.com/psypanda/hashID
Using HashTag:
https://github.com/SmeegeSec/HashTag
As you can see there are range of tools available to you, and remember if you want to keep the hashes to yourself you can download Cyberchef and run it locally!
Guides
This is a super-fast blog to show how to crack sshkeys with JohnTheRipper from Kali VM.
Create a key
ssh-keygen Read more “Cracking an SSH key with John the Ripper (JTR)”
Guides
Whilst I was on ‘holiday’ (seriously even when on holiday I almost always must do some work!) a few Windows vulnerabilities were published. Great work by Gilles Lionel, Benjamin Delpy and many many others!
You do not need any domain credentials to conduct this exploit chain, so from a network adjacent unauthenticated position you can get DA with the right circumstances (default configuration). Read more “From Zero to DA using ‘PetitPotam’”
Defense
I do not know Mr Martin, but I would assume that his role at NCSC and GCHQ would have given him a good insight into the realities of cybercrime, cyber terrorism, nation state affairs and how to effectively defend against cyber criminals (and other threat actors) so please read this blog as it is intended, it’s an analysis on the quoted statements and reporting style and general view of mine about current cyber war rhetoric, not an analysis of the person. Why am I writing this? Well, I am seeing an increased level of FUD, snake oil and cyber war rhetoric and I wanted to share some of my thoughts, opinions, and ideas in this space. For it is far too easy to call for war and in cyberspace do we even know what that means? Read more “Combating Cyber Crime: Should we really be charging to cyber war?”
Defense
“Can I have a penetration test please” is about in line with saying “Can I have a car please?”. Why am I writing a blog about this? Well, where do I start, so I have been working on the technology world basically all my career and over the last 20 odd years one area of digital security management that I think a lot of organisations and people struggle with is understanding just what a penetration test is, how it should be used, how long they can take and what is involved. Read more “Understanding Penetration Testing Scopes”
Defense
A lot of people talk about AGILE but the normally mean ‘agile’ however when it comes to security testing and penetration testing (to me there is most certainly a difference) we need to be mindful of the different approaches, so we select the right one for the context, scenario, and objectives.
In this post we take a brief look at what we recommend for a range of scenarios and we look at the key differences and what some constraints might mean when it comes to approach selection.
Read more “Everything must be agile but is that really always the best way?”