Pentesting Active Directory – stealing hashes

It has been a while since i have updated the website with a new blog.

In april i have passed the eCPPT exam which made me hungry for more. the exam was challenging as well and i found it very useful.

Eventually i will try to pass the OSCP but first i am going to learn for the CISSP exam which i think will be very hard.

In the meantime i am focussing on pentesting the Active Directory on very different manners and i will try to blog this for myself and future followers.

The first part i am going to explain how you can steel hashes in a Windows environment.

My AD-Hack-LAB contains:

  • Windows server 2016 (adhack.lab Domain Server, 192.168.10.10)
  • Windows 10 computer (domain joined as WIN10PC1, 192.168.10.20)
  • Windows 10 computer (domain joined as WIN10PC2 192.168.10.30)
  • Windows 10 computer (not domain joined (WIN10PC3, 192.168.10.40)
  • Kali linux 2019.1 (AttackerPC, 192.168.10.60)
Continue Reading

Kioptrix Level 1 vulnhub

In preparation of my eCPPT and OSCP course i am trying to solve some boot2root machines. Today i am working on Kioptrix level 1.

Continue Reading

Petya / NotPetya ransomware

Petya/NotPetya

So everyone heard the news about a new ransomware with the name Petya/NotPetya.

Statics over the last couple of days has shown that this ransomware was not designed to make money. It was designed to make as much damage as possible according thehackernews.com

What Petya is and does can be found here on the Microsoft Technet blog

Continue Reading