Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.

The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc..

This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as they discuss the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation.

The post Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation appeared first on Black Hills Information Security, Inc..

This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.

The post Abusing Delegation with Impacket (Part 2): Constrained Delegation appeared first on Black Hills Information Security, Inc..

In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz.

The post Abusing Delegation with Impacket (Part 1): Unconstrained Delegation appeared first on Black Hills Information Security, Inc..

Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.

The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..

TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!

The post Abusing S4U2Self for Active Directory Pivoting appeared first on Black Hills Information Security, Inc..

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security

The post Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan appeared first on Black Hills Information Security, Inc..

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]

The post Abusing Active Directory Certificate Services (Part 3) appeared first on Black Hills Information Security, Inc..

Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to domain administrator.

The post Abusing Active Directory Certificate Services (Part 2) appeared first on Black Hills Information Security, Inc..

Active Directory Certificate Services (ADCS) is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing certificates for systems, users, applications, and more.

The post Abusing Active Directory Certificate Services (Part 1) appeared first on Black Hills Information Security, Inc..

Kent Ickler // It’s been over two years since Jordan and I talked about a Blue Team’s perspective on Red Team tools.   A Blue Team’s Perspective on Red Team Hack […]

The post PlumHound Reporting Engine for BloodHoundAD appeared first on Black Hills Information Security, Inc..

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated […]

The post Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD appeared first on Black Hills Information Security, Inc..

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WeaponizingActiveDirectory.pdf 0:54 Background behind this webcast, what and […]

The post Webcast: Weaponizing Active Directory appeared first on Black Hills Information Security, Inc..

For this podcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate […]

The post PODCAST: RDP Logging Bypass and Azure Active Directory Recon appeared first on Black Hills Information Security, Inc..

For this webcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate […]

The post WEBCAST: RDP Logging Bypass and Azure Active Directory Recon appeared first on Black Hills Information Security, Inc..

Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]

The post Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure appeared first on Black Hills Information Security, Inc..

// Jordan Drysdale and Kent Ickler talk about Best Practices for setting up Active Directory. Bre joins as fake Sierra to host and ask questions from the audience since real […]

The post PODCAST: Active Directory Best Practices that Frustrate Pentesters appeared first on Black Hills Information Security, Inc..

Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]

The post Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up appeared first on Black Hills Information Security, Inc..

Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me, and all the others say it many many times. LLMNR […]

The post How To Disable LLMNR & Why You Want To appeared first on Black Hills Information Security, Inc..

CJ Cox // We frequently get requests from customers asking us if we provide consultation defending their systems. The other day I got a question from a customer asking us […]

The post How to Build Super Secure Active Directory Infrastructure* appeared first on Black Hills Information Security, Inc..