Mayfly

GOAD - part 12 - Trusts

In the previous post (Goad pwning part11) we tried some attack paths with ACL. This post will be about escalation with domain trust (from child to parent domain) and Forest to Forest trust lateral ...

GOAD - part 11 - ACL

In the previous post (Goad pwning part10) we did some exploitation by abusing delegation. In this blog post, we will have fun with ACL in the lab. In Active Directory, object rights are called Acc...

GOAD - part 10 - Delegations

In the previous post (Goad pwning part9) we did some lateral movement on the domain. Now let’s try some delegation attacks. Here I will just demonstrate the exploitation; if you want to understand th...

Active Directory Mindmap Upgrade

The v2022_11 AD mindmap is now available. The full view is available on the Orange Cyberdefense mindmap site: https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2022_11.svg Upgrad...

GOAD - part 9 - Lateral move

In the previous post (Goad pwning part8) we tried some privilege escalation techniques. Today we will talk about lateral move. Lateral move happens when you have already pwned a computer and you move fro...

GLPI htmlawed (CVE-2022-35914)

TL;DR; Infos On a recent pentest we faced an interesting scope with fully up-to-date products and without any credentials. After spending some time on bruteforce dns, folders, all the login form ...

GOAD - part 8 - Privilege escalation

In the previous post (Goad pwning part7) we tried some attacks with MSSQL on the domain. This time we will get a web shell on IIS and try some privilege escalation techniques. IIS - webshell T...

GOAD - part 7 - MSSQL

In the previous post (Goad pwning part6) we tried some attacks with ADCS activated on the domain. Now let’s take a step back, and go back to castelblack.north.sevenkingdoms.local to take a look...

GOAD - part 6 - ADCS

In the previous post (Goad pwning part5) we tried some attacks with a user account on the domain. In this part we will try attacks when ADCS is set up in the domain. First we will use petitpotam ...

GOAD - part 5 - exploit with user

In the previous post (Goad pwning part4) we played with NTLM relay. In this article we will continue to discover what can be done using a valid domain account. Here we will only try samAccoun...