Questions tagged [active-directory]
Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. It provides a central location for network administration and security.
271 questions
3 votes
1 answer
1k views
Can a public certificate provider impersonate an AD?
I do not know much about how MS Windows interprets client certificates but I was faced with a statement I have a hard time integrating. The context: organization EXAMPLE has an Active Directory and an ...
1 vote
0 answers
41 views
Separate DNS servers for non-domain hosts and users
In our organization we have 2 Active Directory DCs which are also used as DNS servers for all our infrastructure (user PCs, domain and non-domain servers, Wi-Fi clients, VPN users). I have doubts about ...
3 votes
0 answers
99 views
How does Windows store interactive logon credentials in memory in a domain environment?
I’m trying to understand how a user’s domain credentials are stored in the LSASS (Local Security Authority Subsystem Service) process after performing an interactive logon, such as through RDP (Remote ...
3 votes
0 answers
115 views
Is the AS-REQ Kerberoast attack on AD a violation of Kerberos RFCs?
The new Kerberos AS-REQ-requested attack is somewhat different from a normal Kerberoast, in that instead of requesting a Service Ticket (for offline cracking) via a normal TGS-REQ, it's requested via ...
1 vote
0 answers
86 views
Can brute-force login attacks bypass AD protections if an application's internal brute-force defense is not enforced? [closed]
I was informed by an entity that their hospital information system relies on Active Directory (AD) for user authentication, with AD configured to detect brute-force login attempts. However, the ...
0 votes
1 answer
102 views
Virtual machine as Secure Admin Workstation?
I would like to use a dedicated machine to perform administrative tasks in my company network, which are: using RSAT to administer the Active Directory domain; using SSH to connect to some Linux servers ...
0 votes
0 answers
59 views
Administrator escalating to SYSTEM in the normal course of things
I am learning about interacting with Kerberos from a programming standpoint and have been recreating some of Rubeus's functions as a way of learning (because what better open source program is there ...
2 votes
0 answers
233 views
Why is presence of SPN on an account causing Kerberos "failed to decrypt" error (KRB_AP_ERR_MODIFIED)
I am in a corporate environment with on-premises AD on the company.com domain. We have an AWS VPC hosting some .NET APIs in IIS - the domain these are in is companycloud.com. These APIs are all on the ...
2 votes
1 answer
62 views
Opening PowerShell (PS) session with Service Tickets (STs)
I am solving TryHackMe > Exploiting Active Directory > Task 3. At the very end, how is the new PowerShell session opened with the dumped STs? He typed this command... PS> New-PSSession -ComputerName ...
2 votes
0 answers
115 views
Getting reverse shell as another user
I'm performing an Overpass-the-Hash attack @ TryHackMe > CompTIA Pentest+ > Attacks and Exploits > Lateral Movement and Pivoting > Task 3 > Let's Get to Work! I dumped the key of my target ...
2 votes
2 answers
179 views
Is Kerberos Constrained Delegation (KCD) deprecated?
I referred to the official Microsoft documentation on KCD, where they use the terms KCD & Resource Based Constrained Delegation (RBCD) almost interchangeably, which got me confused. They have ...
0 votes
0 answers
498 views
Impossible NTLMv2 hash format with Responder lm option
While doing an internal assessment, I stumbled upon a very weird-looking NTLMv2 hash (I will not use the "Net-NTLM" terminology but I'm talking about the NTLM protocol) while using ...
0 votes
1 answer
110 views
How does lsass.exe store user hashes?
Does lsass.exe store local and domain account user hashes? And if lsass.exe stores hashes in memory, then when I reboot the computer an attacker could not get older login users' hashes, right? But when I dump lsass.exe ...
0 votes
0 answers
81 views
Domain (Active Directory) machines accessible via web
I recently stumbled across customer machines (Windows Server) that were part of the customer's Active Directory domain and also had IIS applications accessible for the www. I only have the vague ...
0 votes
1 answer
217 views
It is possible to receive an NTLM response with IPv6. What about IPv4?
I performed an NTLM relay attack with mitm6 and ntlmrelayx. I used mitm6 for DNS spoofing. When the victim sent a query containing where the DHCP is located, I identified myself as the DHCP server. Then ...