Alyssa Snow

Alyssa Snow, Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, How-To, Informational, Red Team, Red Team Tools Active Directory, bloodhound

A Practical Guide to BloodHound Data Collection

This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input.

Read the entire post here

Alyssa Snow, Blue Team, Blue Team Tools, External/Internal, How-To, Informational Active Directory, ADCS

Detecting ADCS Privilege Escalation

Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Red Team

Abusing Active Directory Certificate Services (Part 4)

Start this blog series from the beginning here: PART 1 Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise environment. In this article, we will […]

Read the entire post here

Alyssa Snow, External/Internal, General InfoSec Tips & Tricks, How-To, Informational

Deploy an Active Directory Lab Within Minutes

Creating your own lab can sound like a daunting task. By the end of this blog post, you will be able to deploy your own Active Directory (AD) environment in […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, LLMNR, Red Team

Bypass NTLM Message Integrity Check – Drop the MIC

In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Red Team Active Directory, ADCS, exploit

Abusing Active Directory Certificate Services (Part 3)

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services (Part 2)

Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to domain administrator.

Read the entire post here

How Attackers Use SSH.exe as a Backdoor Into Your Network (5)

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services (Part 1)

Active Directory Certificate Services (ADCS) is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing certificates for systems, users, applications, and more.

Read the entire post here

Alyssa Snow, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

Gowitness, a Tester’s Time Saver

Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]

Read the entire post here