Exploiting Misconfigured ADCS: ESC8

preview_player
Показать описание
Corrections:
At 4:32, it is using that certificate of the machine account.

Commands Used:
4) lsadump::dcsync /domain:BERSERK.local /all /csv
  1. Thatquietkid
  2. ESC8
  3. ADCS
  4. Exploiting ESC8
  5. Exploiting Misconfigured ADCS ESC8
Рекомендации по теме
Exploiting Misconfigured ADCS: 0:14:56

Exploiting Misconfigured ADCS: ESC8

Exploiting Misconfigured ADCS: 0:12:08

Exploiting Misconfigured ADCS: ESC8 (PART 2)

NTLM relay to 0:38:26

NTLM relay to AD CS ESC8 Tutorial | Exploit Active Directory Certificate Services

AD CS ESC1 0:16:39

AD CS ESC1 Privilege Escalation Tutorial | Exploit Active Directory Certificate Services

AD CS ESC4 0:15:31

AD CS ESC4 Privilege Escalation Tutorial | Exploit Active Directory Certificate Services

ESC8 | How 0:05:32

ESC8 | How ADCS Vulnerabilities Target Users (and Why You Should Care)

ReCertifying Active Directory 0:40:19

ReCertifying Active Directory Certificate Services

ESC8 | NTLM 1:04:50

ESC8 | NTLM Relay & PetitPotam: The ADCS Attack You NEED To Know

ESC8 | Why 0:19:34

ESC8 | Why Your Company's ADCS is Getting HACKED (Part 2)

Attacks on Active 0:45:31

Attacks on Active Directory Certificate Services (AD CS) Explained - Ryan Zagrodnik | CypherCon 7.0

Certified Pre-Owned: Abusing 0:34:53

Certified Pre-Owned: Abusing Active Directory Certificate Services

Exploiting Vulnerable Active 0:21:10

Exploiting Vulnerable Active Directory Certificate Template: ESC1

PetitPotam | NTLM 0:16:59

PetitPotam | NTLM Relay Attacks | AD CS | Mimikatz | Rubeus | Domain Takeover

Webinar Defending Against 0:22:37

Webinar Defending Against Storm-1811 - Insights from a Real-Time Attack Mitigation

TROOPERS24: The Red 0:51:03

TROOPERS24: The Red Teamer’s Guide to Deception

Комментарии
Автор

How did you know that the endpoint for ntlmrelayx was /certsrv/certfnsh.asp? Or is it that way by default? Thanks.

pablograffigna
join shbcf.ru