In Part 1 we explored how one could go about discovering and mapping the LAPS configuration in a domain. In this part, we’ll look at various ways LAPS can be abused for persistence purposes.
Where a 10-year-old backup can fcuk you in the ass…
This short post demonstrates how it may be possible to pivot into a segregated/protected network, via an RDP Jump Box.
Deploying resilient Red Team infrastructure can be quite a time-consuming process. This wiki maintained by Steve Borosh and Jeff Dimmock is probably the best public resource I’ve seen with regard to design considerations and hardening tips.
For someone like myself, who destroys and stands fresh infrastructure up for each engagement, building everything by hand is a long, laborious process. Anything that can be automated is a good thing.
Computer viruses have been around since as early as the 1970s - the eternal battle between virus creators and antivirus solutions continues to rage over 40 years later.
I recently completed an adversary simulation and thought I would write a short post about some of my experiences.