GPO Abuse - Part 2

Before we can really dive into modifying GPOs, we need to try and understand some of the intricacies of how they’re updated normally in GPMC and AD. Because believe me, it aint as simple as it appears.
Continue reading

LAPS - Part 2

In Part 1 we explored how one could go about discovering and mapping the LAPS configuration in a domain. In this part, we’ll look at various ways LAPS can be abused for persistence purposes.
Continue reading

LAPS - Part 1

I suspect the majority of folk are familiar with the “Local Administrator Password Solution” (LAPS) from Microsoft. If not, the tl;dr is that it: periodically changes the local admin account password stores the password in a extended attribute of the computer object in AD allows password read & reset permissions to be delegated to AD users/groups More detailed information can be found here, here and here. The purpose of this post, is to put together a more complete end-to-end process for mapping out the LAPS configuration in a domain.
Continue reading

Author's picture

Rasta Mouse

Taylor Swift fan, wannabe Red Teamer & 1337 hax0r (in that order).

Penetration Tester