Bloodhound and Active Directory fortifying mechanism

  • Misconfigurations that could allow further compromise, such as lack of SMB signing.
  • Password policies
  • Opportunities for lateral movement via misconfigurations of remote access policies and UAC
  • Privilege Assignment
  • Sessions
  • ACL’s
  • Unconstrained delegation
  • Shorten paths to domain admins
  • Computer’s name
  • Group’s name
  • Domain’s name
  • Wave — The number speaking to the request where this hub was possessed (ex: 1, 2, 3, etc.)
Fig-1: Representation of connection to nodes.
Fig-2: Representation of the shortest attack path defined using Bloodhound.
Fig-3: Vulnerable system path identification
Fig-4: Admin and Member vulnerable path.
Fig-5: Custom query tab
  • Find Shortest Paths from claimed hub to Domain Admins: Same as the “Find Shortest Paths to domain Admins” inquiry, yet rather just show ways starting from a possessed hub.
  • Show wave: Show just the hubs traded off in a chose wave. Valuable for concentrating in on recently undermined hubs.
  • Show delta for wave: Show all undermined hubs up to a chose wave, and will feature the hubs picked up in that wave. Valuable for picturing benefit gains as access extends.

Wanna connect:

Linkedin: https://www.linkedin.com/in/akshay-jain-533a79111/

--

--

--

Mr Akuma | cyber security enthusiast |Secuirty Noob

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How To Vote on OceanDAO

Top 10 Banking APIs: How to Make Your App and Transactions more secure in 2019?

Tryhackme — HackPark writeup (Windows)

Staking MUSD & Receiving up to 12% in APR

Staying safe in the crypto space: Best security practices.

[Metasploit]Upgrade Normal Shell To Meterpreter Shell

{UPDATE} Las Vegas Hot Slots - Hit The Lucky Triple Seven To Win The Jackpot Hack Free Resources…

How Dr. Jessica Barker Brought Positivity Into Cybersecurity

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akshay Jain

Akshay Jain

Mr Akuma | cyber security enthusiast |Secuirty Noob

More from Medium

Security Misconfigurations

Red Team vs Blue Team

Weekly Newsletter on Cybersecurity (DevSecOps Tools) — Issue #4