Still Passing the Hash 15 Years Later

Providing all the extra info that didn't make it into the BlackHat 2012 USA Presentation "Still Passing the Hash 15 Years Later? Using the Keys to the Kingdom to Access All Your Data" by Alva Lease 'Skip' Duckwall IV and Christopher Campbell.

Friday, March 3, 2017

Blocking the Lan Turtle / Poison Tap / Bash Bunny and other cruft

›
I've been doing this for a long time.  So I've researched, discovered, implemented, and forgotten a ton of stuff.  I should probably...
2 comments:
Tuesday, February 14, 2017

Password Maths Hurt the Brains

›
Every now and again I find myself figuring out the answers to some math questions related to passwords.  The answer usually revolves around ...
1 comment:
Thursday, June 2, 2016

I'm PKDC, your Personal Kerberos Domain Concierge for the Whatever_domain

›
So in my last post I demonstrated how you can use Samba to replicate a domain and then create a giant keytab full of keys to use.  You can t...
3 comments:
Wednesday, June 1, 2016

*NIX Kerberos + MS Active Directory fun and games

›
So one of my favorite techniques on the Windows side is to use what Benjamin Delpy (@gentilkiwi) called 'overpass the hash' to get a...
Sunday, April 5, 2015

No, Microsoft Hasn't "Fixed" Silver Tickets

›
Contrary to what many folks might think, I don't wait around on the Internet for somebody to be wrong to blog about it.  However, when s...
Saturday, February 14, 2015

Microsoft Finally Releases Guidance and a Script to Change the KRBTGT Account

›
So Microsoft recently released a zipfile which contains both a document and a powershell script that can be used to change the KRBTGT in a d...
Saturday, September 27, 2014

PAC Validation, The 20 Minute Rule and Exceptions (BHUSA 2014 part deux)

›
First off, I apologize for not being quicker about getting this post out.  However, Wasteland 2 came out recently, and I have been playing f...
›
Home
View web version

Contributors

  • Chris
  • Exorcyst
Powered by Blogger.