Hello,
Today, we are talking about the exploitation of Kerberos protocol extensions S4U2Self and S4U2Proxy in order to impersonate a privileged user of the domain.
This post aims at focusing on the Kerberos constrained delegation with protocol transition which we will shorten T2A4D (TrustedToAuthForDelegation); how to enumerate it, how to exploit it and use it as a method of persistence.
Hello,
In this blog post i will share my Cypher queries which i’m using in my daily engagements. I aim to be complementary to the cheatsheets you can found out there and to the default queries you will find in BloodHound.
Read more ...Quick answer: Totally !
Hello everybody,
I would like to talk a bit about the SecurityTube red team labs, specifically the Advanced Red Team Lab which leads to the CRTE (Certified Red Team Expert) certification. P.S: i’m not affiliated with securitytube.
Some great reviews are already existing, so i will focus on why i chose this lab and certification. I will give you some hints about how to approach your targets. Most importantly, i would like to introduce you a tool that i developped which will help you during your journey, Invoke-Recon.
Read more ...Hello,
I will do a quick and dirty post about what’s out there to find / prevent leaks of secrets in your git repositories.
I did not try all of these tools. For the search part, i’m mainly using a fork of Trufflehog with some added features (search in filenames, commits comments, also with custom regexes).