Our Blog

Abusing Windows’ tokens to compromise Active Directory without touching LSASS

Reading time: ~34 min
During an internal assessment, I performed an NTLM relay and ended up owning the NT AUTHORITY\SYSTEM account of the Windows...

Constrained Delegation Considerations for Lateral Movement

Reading time: ~18 min
The abuse of constrained delegation configuration, whereby a compromised domain user or computer account configured with constrained delegation can be...

Building an offensive RPC interface

Reading time: ~28 min
Using the Windows Remote Procedure Call (RPC) interface is an interesting concept when considering the fact that it allows you...

Chaining multiple techniques and tools for domain takeover using RBCD

Reading time: ~27 min
Intro In this blog post I want to show a simulation of a real-world Resource Based Constrained Delegation attack scenario...

Being Stubborn Pays Off pt. 1 – CVE-2018-19204

Reading time: ~13 min
Intro During an internal assessment, I came across monitoring software that had default credentials configured. This monitoring software allowed for...

USaBUSe Linux updates

Reading time: ~6 min
(If you’re new to this project, read the intro first) For the past few months, I’ve been working on porting...

AutoDane at BSides Cape Town

Reading time: ~6 min
Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks both globally and...

Something about sudo, Kingcope and re-inventing the wheel

Reading time: ~5 min
Willems and I are currently on an internal assessment and have popped a couple hundred (thousand?) RHEL machines, which was...