RSAT Active Directory Enumeration

by Vince
in Blog
Hits: 303

From the description:  "Remote Server Administration Tools (RSAT) lets IT admins manage Windows Server roles and features from a Windows 10 PC."

RSAT can be used to enumerate the domain from any Windows 10 workstation (probably lower versions too) as long as it's either already installed already or you have local admin access.  I wrote this collection of commands to replace PowerView because outside of lab environments, PowerView won't make it onto the machine without endpoint protection eating it. 

Read more

BadBlood : AD Enumeration Test Environment

by Vince
in Blog
Hits: 331

The description for BadBlood states:  "It is a security tool for Active Directory. Run BadBlood on a domain so that security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory.  Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different."

I think that pretty much sums it up and the point is that we don't often get to work on large test environments and this creates large, unique, environments, that we can use to hone our craft.

Read more

Crunch : Office365 Passwords

by Vince
in Blog
Hits: 281

The definition states:  "Crunch is a wordlist generator where you can specify a standard character set or a character set you specify.  Crunch can generate all possible combinations and permutations."

Crunch is useful for generating wordlists and it's especially useful when you want to generate wordlists with patterns.  For example, while setting up Office365 accounts, I let the web mechanism generate passwords.  The standard generated password sets the first character as uppercase alpha, followed by two lowercase alphas, ending with a five digit number. 

Read more