Domain Persistence - Golden Certificate
Retrieving the CA certificate could allow a threat actor to forge and sign certificates for any user in the domain, including domain machine accounts, for domain persistence. The most critical machine account is the one that belongs to the Domain Controller.
The forged certificate can then be used to request a Kerberos ticket from the KDC, and that ticket can be used with pass-the-ticket on any host.
Using the DCSync technique, the NTLM hash of the domain administrator can be retrieved and then used with pass-the-hash to establish a session with the domain controller or via WMI.
Article: https://pentestlab.blog/2021/11/15/golden-certificate/
Video: Domain Persistence - Golden Certificate, from the Pentest Laboratories channel