Demystifying Managed (MSA) and Group Managed Service Accounts (gMSA)

Using Managed (MSA) or Group Managed Service Accounts (gMSA) offers significant advantages over standard user-based service accounts in an enterprise environment. Managed Service Accounts provide a higher level of security and automation. Specifically designed for applications and services, they reduce the risk of password-related vulnerabilities. Managed accounts have automated password management, complex password policies and automatic password rotation, enhancing overall security posture. Group Service accounts, on the other hand, allow centralized management and granular access…

Kerberoasting

In this tutorial, I will cover one of my favourite privilege escalation techniques, “Kerberoasting”. I will not only show you how to perform a Kerberoasting attack but also how you can mitigate and start to detect Kerberoasting in your environment. If you would like to follow along with this tutorial, make sure you have your Active Directory lab all set up; if not, check out my tutorial here. Also, make sure you have a…

Unquoted Service Path

What is an Unquoted Service Path? Unquoted Service Path is a privilege escalation technique which allows you to escalate your privileges from a standard unprivileged user to an administrator or NT System account. If a service is created whose executable path contains spaces and the whole path is not enclosed within quotes, you have an unquoted service path. An Unquoted Service Path works by exploiting the way the Windows operating system looks…

Active Directory Recycle Bin

Anyone who's worked with Active Directory knows that you need to be 100% certain before deleting any object in AD, as it’s a right pain having to recover deleted items. That’s where the Active Directory Recycle Bin comes in; however, there is one caveat in that you need to have the Active Directory Recycle Bin enabled before any item is deleted. So, if you are here looking for a quick fix because you have…

MFA in Office 365 – Notes from the Trenches.

In this tutorial, I wanted to try something a bit different. Instead of just doing a simple how-to guide on setting up Multi-factor Authentication in Office 365, I wanted to cover some of my experiences and notes in actually implementing MFA on customers' tenants. Microsoft boasts that MFA prevents 99.9% of account compromise. This statement is true to an extent. However, you don’t have to google too much to find an abundance of…

Creating an Active Directory Home Lab

At some point in your IT career, you are going to need to build yourself an Active Directory home lab. This tutorial covers segmenting your lab from the rest of your home network, installing Windows Server 2019, installing Active Directory, and then joining a Windows 10 workstation to a domain. Other than the physical hardware costs of running your own lab, Microsoft basically allows you to set all this up for free using their…

First Three Steps to Secure a Linux Server

This tutorial covers the first three steps to secure any Linux server, be it a VPS, Linux virtual machine, or a Raspberry Pi. These steps will work for any Debian-based Linux distribution; however, other Linux distributions should use similar commands. The three steps in this tutorial should be the bare minimum you need to secure a Linux server. This is in no way a complete server hardening guide. Researching for this tutorial, I noticed…

Token Impersonation Attack

Token Impersonation is a way of impersonating a user access token, allowing you to effectively take over the user without even needing to know the user’s password. Attackers are currently using this in the wild as a way to escalate privileges and move laterally across the network, and without proper mitigation in place, it is relatively easy to perform. The one caveat is that a token impersonation attack is a post-exploitation attack. This…

Illustrated Tutorial for Installing Microsoft LAPS

In this tutorial, I cover the installation and deployment of Microsoft LAPS on a Windows domain, giving you an illustrated step-by-step guide through the whole process. LAPS stands for Local Administrator Password Solution and provides management of local administrator passwords of any domain-joined Windows client. Once installed, the local administrator password becomes stored centrally in Active Directory. In turn, only allowing domain admins or specified users to read or reset these local…

Basic Enumeration on a Windows PC

In this tutorial I am going to cover basic enumeration of a Windows PC. Let me first set the scene: you have just got a shell on a Windows domain-joined PC as an unprivileged domain user. Your first steps should be to enumerate as much information off this initial PC as possible, giving you an understanding of what other users and devices can be found on the rest of the network. This additionally…
