ADCS Attack Paths in BloodHound — Part 3
In Part 1 of this series, we explained how we incorporated Active Directory Certificate Services (ADCS) objects into BloodHound and demonstrated how to effectively use BloodHound to identify attack paths, including the ESC1 domain escalation technique. Part 2 covered the Golden Certificates and the ESC3 techniques. In ...
ADCS Attack Paths in BloodHound — Part 2
In Part 1 of this series, we explained how we incorporated Active Directory Certificate Services (ADCS) objects into BloodHound and demonstrated how to effectively use BloodHound to identify attack paths including the ESC1 abuse technique. In this blog post, we will continue to explore more of the ...
Pwned by the Mail Carrier
How MS Exchange on-premises compromises Active Directory and what organizations can do to prevent that. At SpecterOps, we recommend our customers establish a security boundary around their most critical assets (i.e., Tier Zero) of Active Directory (AD). We help them find and remediate the attack paths that cross this security boundary with ...
ADCS ESC13 Abuse Technique
It is possible to configure an Active Directory Certificate Services (ADCS) certificate template with an issuance policy having an OID group link to a given AD group. This configuration makes AD treat principals authenticating with a certificate of this template as members of the group, even though the principals are ...
ADCS Attack Paths in BloodHound — Part 1
Since Will Schroeder and Lee Christensen published the Certified Pre-Owned whitepaper, the BloodHound Enterprise team at SpecterOps has been eager to implement Active Directory Certificate Services (ADCS) attack paths in BloodHound. However, the complexity of ADCS presented challenges in creating simple-to-use BloodHound edges for covering ADCS ...
What is Tier Zero — Part 2
Round 2! This is Part 2 of our webinar and blog post series Defining the Undefined: What is Tier Zero. In Part 1, we gave an introduction to the topic and explained why the reader should care. We discussed Microsoft’s original list of Tier Zero Active Directory (AD) groups, and ...
What is Tier Zero — Part 1
Tier Zero is a crucial group of assets in Active Directory (AD) and Azure. Its purpose is to protect the most critical components by creating a security boundary and preventing a complete compromise. Defining Tier Zero for your environment is not a straightforward task. It involves examining various ...
FOSS BloodHound 4.3.1 release
We are excited to share the release of BloodHound version 4.3.1. We have accepted a lot of pull requests made by BloodHound users for bug fixes and cool improvements in this release. We are super grateful for the continued support and contributions from our dedicated community. Together, we are making ...
Establish security boundaries in your on-prem AD and Azure environment
Preventing escalation from initial access in your Active Directory (AD) environment to Domain Admins can feel impossible, especially after years of successful red team engagements finding new attack paths each time. While securing your critical assets is challenging, it is not impossible with the right approach. This blog post provides a ...