Cyber Security

Windows Management Instrumentation (WMI) provides a unique interface to manage a local or remote network or computer and thus can be used by both Red and Blue Teams.

MSSQL Servers integrate right out the box with Windows and Active Directory Domains. Consequently, there are trust relationships wich we can be leveraged from an attacker perspective.

Active Directory forests are the highest level of security boundary for network objects in the Active Directory tree and forest structure. Within this Active Directory hierarchy, a forest is considered the most important logical container in an Active Directory configuration.

Trusts are relationships between domains or forests which allows users of one domain or forest to access resources in the other domain or forest.

Domain persistence consists of techniques that adversaries use to maintain access the Active Directory environment across restarts, changed credentials, and other interruptions that could cut off their access.

Mimikatz is an open-source application that allows users to view and save authentication credentials such as Kerberos tickets. The toolset works with the current release of Windows and includes a collection of different network attacks to help assess vulnerabilities.

Once an adversary has gained an initial foothold in the network, they will seek to escalate their privileges and compromise additional systems to locate sensitive data and other critical resources.

Lateral movement refers to the techniques that an attacker can use, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets.

Domain enumeration is the process of extracting information from the Active Directory like enumerating the users, groups, and other interesting fields and resources.