Penetration testers (pen-testers) have long exploited various Windows authentication issues (pass the hash, Mimikatz, etc.) to elevate their privileges and move laterally in a Windows network. In fact, they often leverage these tricks to eventually get to a Domain Administrator’s credentials. However, doing this used to be a very manual, trial-and-error process. Today’s video covers a DEF CON talk where the presenters shared a new tool to help automate it.
Episode Runtime: 5:06
Direct YouTube Link: https://www.youtube.com/watch?v=pKbN9_6zhKo
EPISODE REFERENCES:
Six Degrees of Domain Admin talk description - DEF CON
Six Degrees of Domain Admin presentation [PDF] - DEF CON Media
Download the BloodHound tool - GitHub

― Corey Nachreiner, CISSP (@SecAdept)