https://petergabaldon.github.io/Peter GabaldonHacking, Security Researching, Pentesting/Ethical Hacking, Operating Systems... 2023-03-21T20:28:44+01:00 Peter Gabaldon https://petergabaldon.github.io/ Jekyll © 2023 Peter Gabaldon /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png Diamond Y Sapphire Tickets2022-10-14T00:00:00+02:00 2023-01-16T19:30:28+01:00 https://petergabaldon.github.io/posts/Diamond-Y-Sapphire-Tickets/ Peter Gabaldon Kerberos Diamond y Sapphire Tickets Como sabes, uno de los enfoques para la persistencia en un entorno Windows Active Directory son las conocidas técnicas Golden Ticket y Silver Ticket. En post explotación, una vez que se tienen suficientes privilegios en un DC, es posible volcar ntds.dit y obtener krbtgt Kerberos Keys. Como sabes, sus claves Kerberos se utilizan para cifrar los TGT y firmar l... Diamond And Sapphire Tickets2022-10-14T00:00:00+02:00 2023-01-16T19:30:28+01:00 https://petergabaldon.github.io/posts/Diamond-And-Sapphire-Tickets/ Peter Gabaldon Kerberos Diamond and Sapphire Tickets As you may known, one of the approaches for persistence in a Windows Active Directory are the well-known techniques Golden Ticket and Silver Ticket. In the post-explotation phase, once you have enough privilege in a DC you could dump ntds.dit and get krbtgt Kerberos Keys. As you know, its Kerberos keys are used for encrypting TGTs and signing PAC. So, havi... Playing With Windows Security - Part 22021-02-21T00:00:00+01:00 2021-06-26T13:11:37+02:00 https://petergabaldon.github.io/posts/Playing-With-Windows-Security-Part-2/ Peter Gabaldon Kerberos Authentication Protocol After the first part at which we talked about authentication in Windows and explained how attacks like Pass-The-Hash works. At this part we are going to analyse Kerberos, a centralized authentication protocol designed by MIT around 1980s. Also they develop krb, the Kerberos Linux (kfw for Windows), implementation. It is not common but you might come with a Linu... Playing With Windows Security - Part 12021-02-04T00:00:00+01:00 2021-06-26T13:27:45+02:00 https://petergabaldon.github.io/posts/Playing-With-Windows-Security-Part-1/ Peter Gabaldon Windows Authentication. In this first part of Windows hacking we will be covering aspects related on how Windows authentication works. I’m coming from Linux ecosystem so sometimes I will try to compare how Windows works vs how Linux does. If it is your case too, comparing Windows internals with Linux one’s could help you (like it was in my case) to better understand some concepts. At the end, ...