Domain Persistence - Golden Certificate
Retrieving the CA certificate could allow a threat actor to forge and sign certificates for any domain user on the domain including domain machine accounts for domain persistence. The most critical machine account is the the one the belongs to the Domain Controller.
The forged certificate can then be used to request a Kerberos ticket from the KDC and utilize this ticket with pass the ticket on any host.
Using the DCSync technique the NTLM hash of the domain administrator can be retrieved which can be used with pass the hash to establish a session with the domain controller or via WMI.
Article: https://pentestlab.blog/2021/11/15/golden-certificate/
Видео Domain Persistence - Golden Certificate канала Pentest Laboratories
The forged certificate can then be used to request a Kerberos ticket from the KDC and utilize this ticket with pass the ticket on any host.
Using the DCSync technique the NTLM hash of the domain administrator can be retrieved which can be used with pass the hash to establish a session with the domain controller or via WMI.
Article: https://pentestlab.blog/2021/11/15/golden-certificate/
Видео Domain Persistence - Golden Certificate канала Pentest Laboratories
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
MSBuild without MSBuild
Abusing .NET Core - Evasion
Domain Escalation - sAMAccountName Spoofing
WaitFor - Download and Execute Arbitrary Code
Domain Persistence - Machine Account
Account Persistence - Certificates
Universal Privilege Escalation and Persistence - Printer
Lateral Movement - Windows Services
Process Herpaderping - Windows Defender Evasion
Resource Based Constrained Delegation
AppDomainManager Injection
RID Hijacking
Remote Potato - From Domain User to Enterprise Admin
AMSI Bypass Methods
Process Ghosting
Shadow Credentials
Domain Escalation - ShadowCoerce
Parent PID Spoofing
Password Filter DLL
Credentials Dumping - RDP