Penetration tests and red team engagements are usually aimed at obtaining the highest level of privilege in an organization’s Active Directory domain, namely Domain Admin. However, what most teams miss or simply ignore is that there is more that can be done even after Domain Admin privileges have been obtained. This talk’s primary focus will be on persistence techniques from a red team’s perspective. Even though these techniques have been touched upon in the past, they are still ignored by most security professionals on both the offensive and the defensive side, which makes these avenues not only easy to exploit but also highly difficult to identify.
The topics which will be covered in this presentation include:
- Understanding how Kerberos authentication works
- A brief summary of Golden and Silver Ticket attacks
- Explanation of the AdminSDHolder Modification Attack and why it is more lethal than it seems
- Understanding the DSRM Persistence Attack
- Understanding the Skeleton Key Persistence Attack