Penetration testers (pen-testers) have long exploited various Windows authentication issues (pass the hash, Mimkatz, etc.) to elevate their privileges, and laterally move in a Windows network. In fact, they often leverage these tricks to eventually get to a Domain Administrator’s credentials. However, doing this used to be a very manual, trial-by-error process. Today’s video covers a DEF CON talk where the presenters shared a new tool to help automated it.
Episode Runtime: 5:06
Direct YouTube Link: https://www.youtube.com/watch?v=pKbN9_6zhKo
- Six Degrees of Domain Admin talk description – DEF CON
- Six Degrees of Domain Admin presentation [PDF] –DEF CON Media
- Download the Bloodhound tool – Github
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply