Fun with LDAP, Kerberos (and MSRPC) in AD Environments

Fun with LDAP, Kerberos (and MSRPC) in AD Environments

Slides from my Track X Thotcon 2018 Workshop entitled:

"Fun with LDAP, Kerberos (and MSRPC) in AD Environments"

If you want the embedded Gifs/Videos to work, I've also shared the raw PPTX on Onedrive (it's ~100MB) here:!Aq5mEA03Lijrg9h-hsezBkUC5qwXag

Hit me up on Twitter if you want any more info: @ropnop
Scripts / tools used on my Github:
Original Abstract:

This workshop will walk through some lesser known reconnaissance and lateral movement techniques when performing penetration tests in Active Directory environments. While tools like Bloodhound and Death Star have automated paths to DA, it's always important to have other tricks in your book and understand how to do things manually. This demo heavy workshop will include: manual LDAP and DNS reconnaissance, practical usage of Kerberos for password guessing and lateral movement, different techniques for code exec with admin privileges, effective relay techniques for unprivileged users, as well as other tips/tricks/one-liners for pentesting AD.



May 05, 2018