Microsoft

Demystifying Managed (MSA) and Group Managed Service Accounts (gMSA)

Using Managed (MSA) or Group Service Accounts (gMSA) offers significant advantages over standard user-based service accounts in an enterprise environment. Managed Service Accounts provide a higher level of security and automation. Specifically designed for applications and services, they reduce the risk of password-related vulnerabilities. Managed accounts have automated password management, complex password policies and automatic password rotation, enhancing overall security posture. Group Service accounts, on the other hand, allow centralized management and granular access…

Kerberoasting

In this tutorial, I will cover one of my favourite privilege escalation techniques, “Kerberoasting”. I will not only show you how to perform a Kerberoasting attack but also how you can mitigate and start to detect Kerberoasting in your environment. If you would like to follow along with this tutorial, make sure you have your Active Directory lab all set up. If not, check out my tutorial here. Also, make sure you have a…

Unquoted Service Path

What is an Unquoted Service Path? Unquoted Service Path is a privilege escalation technique which allows you to escalate your privileges from a standard unprivileged user to an administrator or NT System account. If a service is created and the path for its executable contains spaces and the whole path is not enclosed within quotes, you have an unquoted service path. An Unquoted Service Path works by exploiting the way the Windows operating system looks…

Active Directory Recycle Bin

Anyone who's worked with Active Directory knows that you need to be 100% certain before deleting any object in AD, as it’s a right pain having to recover deleted items. That’s where the Active Directory Recycle Bin comes in; however, there is one caveat in that you need to have the Active Directory Recycle Bin enabled before any item is deleted. So, if you are here looking for a quick fix because you have…

MFA in Office 365 – Notes from the Trenches.

In this tutorial, I wanted to try something a bit different. Instead of just doing a simple how-to guide on setting up Multi-factor Authentication in Office 365, I wanted to cover some of my experiences and notes in actually implementing MFA on customers' tenants. Microsoft boasts that MFA prevents 99.9% of account compromise. However, this statement is true to an extent. However, you don’t have to google too much to find an abundance of…

Illustrated Tutorial for Installing Microsoft LAPS

In this tutorial, I cover the installation and deployment of Microsoft LAPS on a Windows domain, giving you an illustrated step-by-step guide through the whole process. LAPS stands for Local Administrator Password Solution and provides management of local administrator passwords of any domain-joined Windows client. Once installed, the local administrator password becomes stored centrally in Active Directory. In turn, only allowing domain admins or specified users to read or reset these local…

Banner Based Vulnerabilities For Microsoft Exchange smtpd

This banner-based vulnerability is a common Exchange Server misconfiguration I see on PCI Compliance scans all the time. Try googling for this error and you just get a few forum pages telling you how to fix the issue; however, never explaining why this vulnerability happens in the first place. Also, check out my HTTP Header Internal IP Disclosure tutorial if you find this vulnerability also on your PCI Compliance Report. Banner Based Vulnerabilities…
