Our Blog

Guest vs Null session on Windows

Reading time: ~9 min
If you have been doing internal assessments on Active Directory infrastructure you may have heard the following words: “Null session”,...

Constrained Delegation Considerations for Lateral Movement

Reading time: ~18 min
The abuse of constrained delegation configuration, whereby a compromised domain user or computer account configured with constrained delegation can be...

DirectAccess and Kerberos Resource-based Constrained Delegation

Reading time: ~8 min
Background Are you tired of working from home due to COVID? While this is quite a unique situation we find...

ACE to RCE

Reading time: ~20 min
tl;dr: In this writeup I am going to describe how to abuse a GenericWrite ACE misconfiguration in Active Directory to...

Attacking smart cards in active directory

Reading time: ~10 min
Introduction Recently, I encountered a fully password-less environment. Every employee in this company had their own smart card that they...

Chaining multiple techniques and tools for domain takeover using RBCD

Reading time: ~27 min
Intro In this blog post I want to show a simulation of a real-world Resource Based Constrained Delegation attack scenario...

A new look at null sessions and user enumeration

Reading time: ~23 min
Hello, TLDR; I think I found three new ways to do user enumeration on Windows domain controllers, and I wrote...

AutoDane at BSides Cape Town

Reading time: ~6 min
Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and...