Infiltrating the Domain: Exploiting Active Directory Trusts
Overview
In Active Directory, a trust is a relationship between two domains or forests that allows users or groups of one domain or forest to authenticate to and access resources in the other, or vice versa.
One Way Trust
This is also known as a one-direction trust, where users or groups in the trusted domain can access resources in the trusting domain, but the reverse is not true. For example, in a forest alex.local there is a child domain development.alex.local, and there is another forest dhital.loca ...
A Deep Dive into Kerberos - Part 2: Exploiting Design Flaws in Delegation Mechanisms
Unconstrained Delegation
When a user wants to access a service, e.g. HTTP, the client asks the Ticket Granting Server for a Service Ticket for the HTTP service by providing its TGT and the SPN HTTP\dev.dhitalcorp.local. The Ticket Granting Server verifies the TGT and issues a Service Ticket (ST) for that service; the client then presents the ST to the web server, which grants or denies access. But in a dynamic web application, the web application will have to only display the information and functiona ...
A Deep Dive into Kerberos: Understanding Kerberoasting and ASREPRoasting Attacks.
Overview
Welcome to my three-part blog series! In this first part, I’ll dive deep into how Kerberos works and take a closer look at Kerberoasting and ASREPRoasting attacks. In the next part, we’ll explore Kerberos delegation, some of the architectural and design issues in Kerberos, and how attackers can exploit these weaknesses. The final part will be about Shadow Credentials.
Kerberos is one of the main authentication protocols in Active Directory, along with NTLM and LDAP. It’s considered secur ...
Advanced Password Cracking: Techniques and Tools for Red Teamers and Pentesters
Overview
Whether you’re a penetration tester, red teamer, CTF player, or cybersecurity enthusiast, you’re likely familiar with the concept of password cracking. It is a vital skill for any offensive security practitioner. In the past, passwords were often stored in plaintext or with weak hashing algorithms like MD5. Back then, it was common to dump a database via SQL injection, feed the hashes into Crackstation, and easily recover the plaintext passwords. Remember those days? Well, password hashin ...
CRTO (Certified Red Team Operator) Review
Introduction
Last Saturday I passed the Certified Red Team Operator (CRTO) exam, offered by Zero Point Security, with all 8/8 flags. I believe Daniel Duggan is the sole founder and maintainer and handles the overall support, the Discord, and numerous other courses offered by Zero Point Security. It was an awesome experience to get hands-on experience with Cobalt Strike. The course costs about £365.00, which is about NPR 64,097.54 or about $476.86 USD. The course can be purchased with lab time include ...
CRTP Short Review
Overview
After my OSCP I felt I needed a good grasp and an overall in-depth understanding of Active Directory, so I decided to purchase the Attacking and Defending Active Directory course from Altered Security, which grants the Certified Red Team Professional credential after successfully tackling the 24-hour exam. I took the 30-day lab access for $249. The course ships with hours of video content, diagrams, walkthrough videos, and a lab wiki. Instead of putting students in a large network and letting th ...
OSCP and Penetration Testing mindset
Overview
I passed my OSCP back in August 2022. In this blog post I specifically want to reflect on the mindset and strategy that OffSec helped me develop for conducting a successful penetration test against an organization. This article will not be specifically about the course, lab, or exams, as there are a lot of other articles on the internet regarding those, but rather about the unique psychological aspect behind adversarial thinking and how OSCP helped ...