Clik here to view.
Trusts You Might Have Missed
How often do you investigate trust relationships between Windows domains during a penetration test? You may have domain admin or other privileged access on your target and not even know it. Abusing...
View ArticleClik here to view.
Domain Trusts: Why You Should Care
Red teams have been abusing Windows domain trusts for years with great success, but the topic is still underrepresented in public infosec discussions. While the community has started to talk more about...
View ArticleClik here to view.
Domain Trusts: We’re Not Done Yet
A few months ago, my colleague @sixdub and I presented our talk “Trusts You Might Have Missed” at BSides Chicago (the slides are posted here). We covered a lot of information that we’ve talked about in...
View ArticleClik here to view.
The Trustpocalypse
I’ve talked about domain trusts more than many people probably care about. A few weeks ago I posted “Domain Trusts: We’re Not Done Yet” – apparently there’s even more! I’ve said before that trusts will...
View ArticleClik here to view.
Mimikatz and DCSync and ExtraSids, Oh My
Edit: Benjamin reached out and corrected me on a few points, which I’ve updated throughout the post. Importantly, with the ExtraSids (/sids) for the injected Golden Ticket, you need to specify...
View ArticleClik here to view.
A Pentester’s Guide to Group Scoping
Scopes for Active Directory groups were always a bit murky for me. For anyone with an AD sysadmin background, this topic is probably second nature, but it wasn’t until I read this SS64 entry that...
View ArticleClik here to view.
A Guide to Attacking Domain Trusts
It’s been a while (nearly 2 years) since I wrote a post purely on Active Directory domain trusts. After diving into group scoping, I realized a few subtle misconceptions I previously had concerning...
View Article
