4

Credential Access in Domain

It was difficult to choose the order of Chapters 4, 5 and 6, as they are all closely interconnected. We are not going to cover how to dump secrets from the host (LSASS, DPAPI, Credential Manager, etc.). Instead, we will keep our focus on Active Directory. This chapter starts by discussing ways to obtain credentials in clear text in the domain. Then, we will explore various techniques to capture the hash, such as forced authentication and poisoning. Relay will be covered later in Chapter 5, Lateral Movement. Next comes an introduction to the Kerberos authentication protocol and different styles of roasting the three-headed dog. Finally, we will discuss native security mechanisms for password management, ...

Get Pentesting Active Directory and Windows-based Infrastructure now with the O’Reilly learning platform.
