One of the weaknesses that I configured in my lab environment was “Unconstrained Delegation.” Systems in an Active Directory (AD) environment can be configured for unconstrained delegation. This means that a system can “delegate,” or impersonate, users that authenticate to it. Normally, when a user authenticates to a service running on a system, the user…
All posts in tutorial
Kerberoasting
This post will demonstrate how to perform a “Kerberoasting” attack in an Active Directory (AD) environment. In a previous post, I detailed how to create an AD lab in AWS and how to configure a user with a Service Principal Name (SPN) that will allow for the Kerberoasting attack. Background Information: Kerberoasting is an attack…
Covenant C2 Infrastructure with Redirectors
In my previous post, I wrote about getting started with Covenant C2. In that post the infrastructure I set up for the C2 communications was very simple: The C2 agents connected directly to the C2 server over a private subnet. This works for a lab environment, but for a real-world red team engagement having your C2…
Getting Started with Covenant C2
In my previous blog post, I created an Active Directory (AD) lab environment in AWS that I wanted to use to test/practice various red team concepts and tools. One of the tools I was interested in testing is the new version of Covenant C2. Covenant is a command-and-control (C2) framework. What this means is if you…
Creating an Active Directory Lab in AWS
I recently started the Attacking and Defending Active Directory course from Pentester Academy, and just finished up the last of the hands-on objectives. The material for the course is great for anyone looking to improve their skills for enumerating and abusing Active Directory on internal penetration tests or red team engagements. The course is designed…