Tag: Windows

Internal – OSCP Proving Grounds

Introduction For this engagement, I tackled the OSCP Proving Grounds machine Internal. The goal was to gain a foothold, escalate privileges, and ultimately retrieve the flag from the administrator’s account. In this write-up, I’ll document my approach, mistakes, and lessons learned along the way. Step 1: Initial Reconnaissance Before attempting any exploits, I conducted a […]

Golden Ticket Attacks

Active Directory (AD) is ubiquitous in enterprise networks, acting as the keystone for authentication and access. As with any system, AD isn’t immune to vulnerabilities. The Golden Ticket attack exemplifies a critical AD weakness, promising attackers unparalleled access once exploited. This article provides a granular, hands-on guide to Golden Ticket attacks for Capture The Flag […]

Pass the Ticket: An AD Attack Method

Pass-the-Ticket (PtT) is a popular method of attack in AD environments, capitalizing on Kerberos tickets to gain unauthorized access. This guide breaks down PtT for the active CTF player, offering actionable code and clear steps to execute under time pressure. PtT Basics In Kerberos authentication, tickets, rather than passwords, grant access to resources. If an […]

Kerberoasting: An Offensive Playbook

Active Directory, a cornerstone of many networks, is riddled with complexities and nuances. It is these intricacies that give birth to vulnerabilities like Kerberoasting. This article aims to provide a detailed, hands-on guide to Kerberoasting for Capture The Flag (CTF) enthusiasts. Let it serve as a touchstone during your challenges. Kerberos and SPNs Kerberos A […]
