NTLM Relay
Definition
The NTLM protocol is an old authentication protocol used by Windows machines to authenticate at domain or network level. It is a challenge/response protocol, so it lets a client authenticate to a server without the password ever passing over the network. This protocol is still widely used by companies alongside the Kerberos protocol. Only companies with a good level of cyber maturity no longer use it, as it is not easy to do without.
How it works
When a client wants to authenticate to a ...
GPP attack
Definition
A very simple attack that retrieves credentials stored in the SYSVOL share, which can then be used to gain a shell or escalate privileges. A GPP (Group Policy Preference) is an old-fashioned feature that lets you configure preferences on machines in an Active Directory. Unlike GPOs, GPPs are not strictly enforced on machines in an AD domain, and they allow users to modify settings after they have been applied. GPPs are often used to: create desktop shortcuts, configure network drives automatic...
Golden Ticket Attack
A Golden Ticket attack is a specific type of attack on the Kerberos authentication protocol. Kerberos is used to securely authenticate users and services on a network.
What is a Golden Ticket attack?
The Golden Ticket attack exploits the way Kerberos works, and in particular the generation of the TGT by the KDC. If an attacker gains access to the krbtgt account, the account used by the KDC to sign TGTs, they can create forged tickets known as “Golden Tickets”. These tickets allow an attac...