Red Teaming

AD Certificate Exploitation: ESC1

AD CS ESC1 Certificate Exploitation is a critical vulnerability in Active Directory Certificate Services. In this article, we will explore how misconfigured certificate templates can

Red Teaming

Credential Dumping: GMSA

ReadGMSAPassword Attack is a technique where attackers abuse misconfigured Group Managed Service Accounts (gMSA) to retrieve their passwords. In Active Directory, ReadGMSAPassword should only be

Red Teaming

Shadow Credentials Attack

To begin with, this post explores the exploitation technique known as the Shadow Credentials attack. This attack leverages the mismanagement or exploitation of Active Directory

Red Teaming

Abusing AD-DACL: AddSelf

In this post, we explore AddSelf Active Directory abuse, a common misconfiguration involving Discretionary Access Control Lists (DACL). Specifically, by exploiting the AddSelf permission, attackers