Attack and Detection of Shadow Credentials
- Published: Jan 20, 2025
- How to force a certificate into Active Directory and escalate to complete Active Directory takeover. I will show how to detect the usage of overpass the hash and detect MSDSKeyCredential linkage to a domain controller computer account. Bonus: I do the entire demo with AV turned on using obfuscated versions of Rubeus and Mimikatz.
Shadow Credentials Write Up: posts.spectero...
Whisker: github.com/ela...
Huan Loader: github.com/frk...
MimiKatz: github.com/Par...
Very nicely explained, thank you!
Just shared your channel with my team. Great Content! Would love to see some ADCS content if you have the time
I do have one video showing ADCS content specifically DFSCoerce and how that attack works. If you would like to see something specific let me know.
Great video. Do you have your obfuscated binaries available for use? I'd be interested in testing detection methods.
I don't have them available anywhere, but if you watch my Defeating Defender video you can make a version of Rubeus just like mine. The other binary is the Huan Loader version of mimikatz.exe. That's really easy to build on your own as well.
@CyberAttackDefense I saw that video. Great stuff too. Thanks for your channel. I've learned a lot.
Awesome. Tell your friends!