Choose your type of Privilege Escalation

Find the best attack based on the victim PC's operating system (OS build) and the current situation.

Among other things, the following is taken into account:

  • Is the victim a local admin on the victim PC?
  • Is the victim PC a member of the Domain Admins or Account Operators group?
  • Are there currently cached Kerberos tickets on the client?
  • Does this client/user have access to the c$ share on the admin PC?
  • Is the Windows authentication protocol WDigest supported?
  • Is a Pass-the-Hash attack supported?
  • Are the helpdesk user and the domain admin members of the Protected Users security group?
  • Is a Forge Authentication Certificates attack supported?
  • Is a risky CA template available?
  • Was at least one administrative account with Service Principal Names (SPNs) found?
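The same conditions read from the defender's side: the audit below is an added example (not AS2Go code) that flags the findings behind four of the questions above so they can be remediated. It assumes a domain-joined Windows host with the ActiveDirectory module installed and read access to AD; the group names and registry path are the real ones, the `$findings` list is this example's own.

```powershell
# Added example (not part of AS2Go): audit the conditions the checklist above feeds into.
# Assumes: domain-joined host, RSAT ActiveDirectory module, read rights in AD.
Import-Module ActiveDirectory
$findings = @()

# 1. Is the current user a local admin on this PC?
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if ($me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $findings += "Current user holds local admin rights on $env:COMPUTERNAME"
}

# 2. Does WDigest keep clear-text logon credentials in LSASS memory?
#    UseLogonCredential=1 enables caching; on Windows 8.1 / Server 2012 R2 and later
#    an absent value means disabled (the safe state).
$wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$wdigest = Get-ItemProperty -Path $wdigestKey -Name UseLogonCredential -ErrorAction SilentlyContinue
if ($wdigest -and $wdigest.UseLogonCredential -eq 1) {
    $findings += "WDigest UseLogonCredential=1: clear-text passwords are cached in LSASS"
}

# 3. Privileged users NOT in Protected Users (membership blocks NTLM, RC4/DES Kerberos
#    and delegation, which takes pass-the-hash and overpass-the-hash off the table).
$protected = Get-ADGroupMember 'Protected Users' -Recursive |
    Select-Object -ExpandProperty SamAccountName
foreach ($grp in 'Domain Admins', 'Account Operators') {
    Get-ADGroupMember $grp -Recursive |
        Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -notin $protected } |
        ForEach-Object { $findings += "$($_.SamAccountName) is in '$grp' but not in 'Protected Users'" }
}

# 4. Administrative accounts (adminCount=1) that carry an SPN: their service tickets
#    are encrypted with the account password, so a weak password is recoverable offline.
Get-ADUser -Filter { ServicePrincipalName -like '*' -and AdminCount -eq 1 } `
    -Properties ServicePrincipalName, AdminCount |
    ForEach-Object {
        $findings += "Admin account $($_.SamAccountName) has SPN(s): $($_.ServicePrincipalName -join ', ')"
    }

# Report: an empty list means none of the four conditions was found on this host/domain.
if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

Each finding maps to a fix the page's checklist implies: set UseLogonCredential to 0, move privileged users into Protected Users, and give admin accounts no SPNs (use separate service accounts with long random passwords or gMSAs).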

CURRENT SITUATION – FROM THE ATTACKER’S PERSPECTIVE:


Live Hack: How a single compromised user account could paralyze your entire company.

I gave this session at HIP Germany 2022 in October 2022.

Summary

As is well known, Active Directory is used as the attack surface in around 90% of current cyberattacks.

Notes

As is well known, Active Directory is used as the attack surface in around 90% of current cyberattacks.

In my live demo "Attack Scenario along the Cyber Kill-Chain" I show you a typical cyberattack based on the following attack vectors:

• Password Spray
• Reconnaissance
• Lateral Movement
• Data Exfiltration & Encryption
• Domain dominance

Here you can find my recording, which shows AS2Go v2.1 and my presentation.

Lateral Movement Paths (LMPs) with Microsoft Defender for Identity (MDI)

I held this session at HIP Europe 2021 in June 2021.

Summary

Learn how to identify and investigate Lateral Movement and how to de-risk LMPs using Microsoft Defender for Identity.

Notes

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection, also known as Azure ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.

Learn a "life hack" (brute-force attack → overpass-the-hash attack → pass-the-ticket → domain dominance), how to identify and investigate Lateral Movement, and how to de-risk LMPs using Microsoft Defender for Identity.

Here you can find my recording, which shows AS2Go v1.x.