Some thoughts about Kerberos Golden Tickets

Recently i’ve worked on a cybersecurity incident that involved the use of Silver Tickets on Kerberos.


I think may be useful a brief recap about this attack technique.

Continue reading “Some thoughts about Kerberos Golden Tickets”

Abusing Microsoft Exchange for privilege escalation: any user may obtain Domain Admin privileges

The security expert Dirk-jan Mollema discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user to become a Domain Admin.

Continue reading “Abusing Microsoft Exchange for privilege escalation: any user may obtain Domain Admin privileges”

Analysing Active Directory event logs to identify compromised accounts

During investigation in a security incident, event log analysis is a key element.

Continue reading “Analysing Active Directory event logs to identify compromised accounts”