Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy
Defense

Post Compromise Active Directory Checklist

Nuke it from orbit, it’s the only way to be sure!

Ok, in an ideal world you can re-deploy your entire environment from scratch, but back in the most people’s real world’s that’s not that simple. So, what do we do if we can’t nuke from orbit in a post compromise situation? Well, we need to clean up! This isn’t an exhaustive list, not a total guide. it’s a quick list to make you think about some key common areas and actions that might need to be taken! after all if someone got r00t, who knows what they did! (trust me, most orgs monitoring is a bit naff!)

Read more “Post Compromise Active Directory Checklist” →
Guides

Rapid Active Directory Security Testing of Windows Server 2022…

Introduction

Ever needed to test active directory in a hurry? Well, here’s some common commands to test active directory domain services. In this post today we are going to focus on DNS and username enumeration, there are however a range of weaknesses you want to look for:

  • SMB Null Session/Guest Access
  • LDAP Null Bind
  • Sensitive Information Disclosure
  • Weak Password Policies
  • Unpatched Software Vulnerabilities

Active Recon

Port Scanning and Service Fingerprinting

nmap -p- -sC -sV -Pn -v -A -oA ecorp.local.txt 192.168.1.22

Text

Description automatically generated

Text

Description automatically generated

Domain Name and Domain Controller Enumeation

Read more “Rapid Active Directory Security Testing of Windows Server 2022 and Kali Linux” →

CTF

How to enable NULL Bind on LDAP with Windows…

History of NULL bind

Back in the early Active Directory days NULL bind was actually enabled by default, these days you can get a rootDSE NULL bind out of the box but on Windows Server 2019 you can even disable this!

So why would I want to enable NULL bind? Well, some legacy apps may need it but generally speaking you don’t want NULL bind enabled.

The lesson here is DO NOT copy what I am doing here! Simples! Read more “How to enable NULL Bind on LDAP with Windows Server 2019” →

Recent Posts

  • Protective DNS (PDNS) by NCSC UK adds UK schools
  • Cisco IOS XE Incident Update
  • No one is responsible for your OWN Cyber Defences other than you! 
  • The Manual Version 2.0
  • Cyber Security for PC Gamers

Recent Comments

  1. The Week in Ransomware – May 26th 2023 – Cities Under Attack - Shackle Media on The Manual Version 2.0
  2. The Week in Ransomware – May 26th 2023 – Cities Under Attack – Source: www.bleepingcomputer.com - CISO2CISO.COM & CYBER SECURITY GROUP on The Manual Version 2.0
  3. The Week in Ransomware - Might twenty sixth 2023 - Computer Depot | Best & Reliable Computer Repair - O'Fallon on The Manual Version 2.0
  4. The Week in Ransomware - Could twenty sixth 2023 - Anedejo on The Manual Version 2.0
  5. The Week in Ransomware - May 26th 2023 - Tech World4uu on The Manual Version 2.0

Archives

  • November 2023
  • October 2023
  • August 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Fiction
  • Getting into Cyber
  • Guides
  • Hacking
  • IOT
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited