Active Directory

Demystifying Managed (MSA) and Group Managed Service Accounts (gMSA)

Using Managed (MSA) or Group Service Accounts (gMSA) offers significant advantages over standard user-based Service accounts in an enterprise environment. Managed Service accounts provide a higher level of security and automation. Specifically designed for applications and services, they reduce the risk of password-related vulnerabilities. Managed accounts have automated password management, complex password policies and automatic password rotation. enhancing overall security posture. Group Service accounts on the other hand allow centralized management and granular access…

Kerberoasting

In this tutorial, I will cover one of my favourite Privilege Escalation techniques “Kerberoasting”. I will not only show you how to perform a kerberoasting attack but also how you can mitigate and start to detect Keroasting in your environment. If you would like to follow along with this tutorial make sure you have your Active Directory LAB all set up, If not Check out my tutorial here. Also, make sure you have a…

Active Directory Recycle Bin

Anyone whos worked with Active Directory knows that you need to be 100% certain before deleting any object in AD as it’s a right pain having to recover deleted items. That’s where the Active Directory Recycle Bin comes in; however, there is one caveat in that you need to have the Active Directory recycle bin enabled before any item is deleted. So, If you are here looking for a quick fix because you have…

Creating an Active Directory Home Lab

At some point in your IT career, you are going to need to build yourself an Active Directory home lab. This tutorial covers segmenting your lab from the rest of your home network, Installing Windows Server 2019, Installing Active Directory, and then joining a Windows 10 workstation to a domain. Other than the physical hardware costs of running your own lab, Microsoft basically allows you to set all this up for free using their…

Token Impersonation Attack

Token Impersonation is a way of impersonating a user access token, allowing you to effectively take over the user without even needing to know the user’s password. Subsequently, attackers are currently using this in the wild as a way to escalate privileges and move laterally across the network. However, without proper mitigation in place, it is relatively easy to perform. The one caveat is that a token impersonation attack is a post-exploitation attack. This…

Scroll to top