Alonso Solano Ramírez’s Post

How to reset multiple users passwords in Active Directory with the AD Pro Toolkit. #activedirectory https://lnkd.in/gneUHBz4

Active Directory isn't going away and 90%+ of Fortune 500 companies still run it. Active Directory will be with us longer than anyone expects. If you are in charge of managing Active Directory, I strongly recommend you watch Andy's video to learn about some great tools that can help secure your environment.

Just in case you missed this! In this episode I dive deep into Windows Server Active Directory to discuss its current state of password policies to determine if they are still fit for purpose. Active Directory is now 24 years old and still in use by 90% of the world’s major corporations in one form or another. Of course Hybrid brings benefits in terms of convenience. But what about the weaknesses in its password policy tools. Features that have not changed in years. In this session I’ll take a look at the challenges that this brings along with possible Microsoft and third party solutions including Specops Password Policy. An awesome platform that, quite frankly surpasses Microsoft in terms of its functionality and flexibility. For more on me visit me at www.Andymalone.org Looking for more? Why not sign up to my Patreon page https://lnkd.in/evcDWMZU For more details on Specops Password Policy check out the details here. https://lnkd.in/e5F35nkx Timecodes 00:00 Introduction & Problem Recap 03:00 Entra ID Password Protection Policy, Oh Dear! 05:14 Active Directory Password Policy Flaws 06:33 Enhancing AD Passwords with Specops Password Policy 14:45 Specops Password Policy from the Windows Client 18:04 Session Conclusion & Next Steps

In this episode I dive deep into Windows Server Active Directory to discuss its current state of password policies to determine if they are still fit for purpose. Active Directory is now 24 years old and still in use by 90% of the world’s major corporations in one form or another. Of course Hybrid brings benefits in terms of convenience. But what about the weaknesses in its password policy tools. Features that have not changed in years. In this session I’ll take a look at the challenges that this brings along with possible Microsoft and third party solutions including Specops Password Policy. An awesome platform that, quite frankly surpasses Microsoft in terms of its functionality and flexibility. For more on me visit me at www.Andymalone.org Looking for more? Why not sign up to my Patreon page https://lnkd.in/evcDWMZU Dive Deeper Tech Days event on the 7th May. Only £99 Per seat for a full days training with some awesome sessions and demos. More details here. https://lnkd.in/ekgcCaaK For more details on Specops Password Policy check out the details here. https://lnkd.in/e-B7ZwiH... Timecodes 00:00 Introduction & Problem Recap 03:00 Entra ID Password Protection Policy, Oh Dear! 05:14 Active Directory Password Policy Flaws 06:33 Enhancing AD Passwords with Specops Password Policy 14:45 Specops Password Policy from the Windows Client 18:04 Session Conclusion & Next Steps

Is your Active Directory Compromised? Here are some indicators of compromise in Active Directory. 1.      Recently added/unknown user accounts. a.      You can use this Powershell cmd to export all users in Active Directory              i.     get-aduser -filter * -properties * |Select -Property Name,DistinguishedName,Enabled,lastLogondate,PasswordNeverExpires,PasswordLastSet |export-csv 2.      Users added to Administrators, Domain Admins, Schema Admins, Enterprise Admins, or other privileged groups. 3.      Rights removed from Privileged Groups. 4.      Recent password resets. If you need help determining if your Active Directory was compromised, email info@adscon.com.

The Active Directory Cleanup Tool will quickly identify stale and inactive users and computers in your Active Directory Domain. Disable, delete, export and move inactive accounts. https://lnkd.in/gMtRrX_h

Unveiling Active Directory Secrets: Uncommon Tricks for Enhanced SecuritySlides:https://lnkd.in/dhv_D42z

You could pay thousands of dollars for Active Directory monitoring tools or you could pay as low as $150 for a tool that will last you forever, no need to renew subscription because is all code. Below script is part of a tool that alerts you when a new user is added to a domain admin group. ASCRIPTAWAY does it again!

I compromised Active Directory! First, it started off with an enumeration phase where I utilized Nmap and Enum4linux to find open services on the domain controller. Then, I enumerated users using Kerbrute. Upon enumeration using Kerbrute, I was able to find users with the privilege "Does not require Pre-Authentication" set. This means that the account does not need to provide valid identification before requesting a Kerberos ticket. With this information, I then used the Impacket tool GetNPUsers[.]py to get the TGT tickets for the AS-REP roastable accounts. Once the hash for the TGT was cracked using Hashcat, I was able to use SMBclient to find shares open on the domain controller. Using the cracked credentials from the TGT hash, I accessed an SMB share that had backup credentials stored on it. Using the new backup credentials, I was able to dump the NTDS.dit file to have essentially full control of the domain. Using Evil-WinRM, I then accessed the Desktop files of each user and captured the flags to complete the room. 😊 This was a great learning experience. If you want to try this room out, it's linked below!

Active Directory Assessment and Privilege Escalation Script ver 2.1:  This script will do the following: • Gather hashes via WPAD, LLMNR, and NBT-NS spoofing • Check for GPP password (MS14-025) • Gather hashes for accounts via Kerberoast • Map out the domain and identify targets via BloodHound • Check for privilege escalation methods • Search for open SMB shares on the network • Search those shares and other accessible directories for sensitive files and strings (Passwords, PII, or whatever your want, really). By default it’s looking for the term “password”. If you wanted to search for CVVs for example, you’d just add it next to ‘password’, e.g. password,cvv • Check patches of systems on the network • Search for file servers • Search attached shares • Gather the domain policy https://lnkd.in/e7DgDY5F