27 Nov 2020
Hello,
Today, we are talking about the exploitation of Kerberos protocol extensions S4U2Self and S4U2Proxy in order to impersonate a privileged user of the domain.
This post aims at focusing on the Kerberos constrained delegation with protocol transition which we will shorten T2A4D
(TrustedToAuthForDelegation); how to enumerate it, how to exploit it and use it as a method of persistence.
Read more ...
04 Oct 2020
Hello,
In this blog post i will share my Cypher queries which i’m using in my daily engagements. I aim to be complementary to the cheatsheets you can found out there and to the default queries you will find in BloodHound.
Read more ...
22 Sep 2020
Quick answer: Totally !
Hello everybody,
I would like to talk a bit about the SecurityTube red team labs, specifically the Advanced Red Team Lab which leads to the CRTE (Certified Red Team Expert) certification. P.S: i’m not affiliated with securitytube.
Some great reviews are already existing, so i will focus on why i chose this lab and certification. I will give you some hints about how to approach your targets. Most importantly, i would like to introduce you a tool that i developped which will help you during your journey, Invoke-Recon.
Read more ...
27 May 2020
Hello,
I will do a quick and dirty post about what’s out there to find / prevent leaks of secrets in your git repositories.
I did not try all of these tools. For the search part, i’m mainly using a fork of Trufflehog with some added features (search in filenames, commits comments, also with custom regexes).
Objectives :
- Look into the commits history for sensitive information publicly accessible by an attacker ;
- Prevent secrets leaks ;
- Monitoring and integrating these checks in the Continous Delivery process - aka DevSecOps
Read more ...