Infrastructure

Golden gMSA Attacks

Extracting gMSA service accounts from child domains.

Infrastructure

SID History Abuse

Modifying SID History values to compromise parent domains.

Infrastructure

Backup Operator Privilege Escalation

Extracting domain controller credentials using the Backup Operators group.

Infrastructure

Active Directory Explorer

Using Microsoft AD Explorer to collect Active Directory attack path information.

Infrastructure

Active Directory DACL Attacks

Exploiting misconfigured Active Directory access control lists.

Malware Dev

Persistence Mechanisms

Maintaining access to a target system.

Infrastructure

Entra ID Connect

Extracting credentials from Azure Entra Connect.

Malware Dev

Password Filters

Using password filters to intercept logon credentials.

Infrastructure

Coerced Authentication

Persuading Windows hosts to provide machine account credentials.

Exploit Dev

LD_PRELOAD Exploitation

Using LD_PRELOAD for dynamic function hooking and privilege escalation.

Infrastructure

IPv6 Penetration Testing

Testing IPv6 security.

Infrastructure

Bypassing Multi Factor Authentication

Intercepting multi factor authentication credentials using an Nginx reverse proxy.