From the course: Advanced Pen Testing Techniques for Active Directory
Running a shadow attack - Active Directory Tutorial
Running a shadow attack
- Microsoft uses public key cryptography as an underlying mechanism for access through the Kerberos protocol and provides an Active Directory component called "AD Certificate Services" to manage the public key certificates. We want to avoid attackers escalating or gaining long-term access to Active Directory once they've been able to compromise a domain user account. In addition to attacks on the accounts themselves, we want to defeat any attacks on this certificate infrastructure. There are a number of potential ways of exploiting Active Directory Certificate Services, which have been documented by Will Schroeder and Lee Christensen in their paper entitled "Certified Pre-Owned". This provides numerous ways to attack specific configurations of Active Directory Certificate Services through theft or technical attack to achieve lateral movement, privilege escalation, and persistence. Testing AD Certificate Services is of…
Contents
- Specific Active Directory attacks (59s)
- Remote extraction of AD hashes (2m 36s)
- Carry out a Kerberos roasting (2m)
- Run a no-preauthentication attack (4m 13s)
- Forge a golden ticket (5m 8s)
- Running a shadow attack (5m 5s)
- Using rubeus to take over the domain (7m 25s)
- Relaying attacks to get a certificate (3m 29s)
- Using smartcards to gain privileged access (6m 49s)
- Set the BloodHound loose (6m 34s)