Press "Enter" to skip to content

Month: September 2014

Derbycon + PowerShell Weaponization

Derbycon Wrapup This past Friday, my boss (@davidpmcguire) and I had the awesome experience of speaking at Derbycon 4.0. Our talk was titled “Passing the Torch: Old School Red Teaming, New School Tactics?“. The slides have been uploaded here and the video was recorded and posted here by the much appreciated @irongeek_adc. In the talk we covered our interpretation of red team operations, and went over five tactical areas applicable to red team engagements. In each section, we covered the background on the tradecraft, went over the ‘old school’ way of achieving a specific goal, and then showed the ‘new school’ implementations of the same tactics.…

Trusts You Might Have Missed

[Edit 8/13/15] – Here is how the old version 1.9 cmdlets in this post translate to PowerView 2.0: Get-NetForestTrusts  ->  Get-NetForestTrusts Get-NetForestDomains  ->  Get-NetForestDomain Get-NetDomainTrust  ->  Get-NetDomainTrust How often do you investigate trust relationships between Windows domains during a penetration test? You may have domain admin or other privileged access on your target and not even know it. Abusing active directory trust relationships is an effective tactic to expand access both during penetration tests and red team engagements. In this post, I’ll offer some background on domain trusts, how to enumerate and abuse them, and describe how PowerView‘s features can help you…