Ahmed
@mawg0ud.bsky.social
A Researcher by Day • Coffee Connoisseur by Passion • An Insatiable Explorer of the Written Word.
🔒Bonus: Zerologon (CVE-2020-1472):
This vulnerability lets attackers control Domain Controllers by resetting the krbtgt password.
Patch your systems to avoid this!
#infosec #Bug #Zerologon
February 18, 2025 at 2:32 PM
10/10 Active Directory Misconfigurations:
Weak policies, overprivileged accounts, no MFA - all these can be exploited. Regular audits & patches are your best defense!
#AD #MFA #infosec #bug #cybersecurity
February 18, 2025 at 2:32 PM
9/10 LSASS Dumping:
Using tools like Mimikatz, attackers can dump LSASS memory to steal passwords & tickets.
It's all about memory access.
#LSASS #CredentialDumping #Mimikatz
February 18, 2025 at 2:32 PM
8/10 MITM via LLMNR, NBT-NS, WPAD Poisoning:
By poisoning name resolution protocols, attackers can capture credentials sent over the network.
Stealthy but detectable.
#MITM #ComputerNetworks #infosec #cyberattack #privacy
February 18, 2025 at 2:32 PM
7/10 NTLM Relay Attack:
Here, attackers intercept NTLM authentication requests, relaying them to gain access elsewhere.
It's all about misdirecting credentials.
#NTLMRelay #NetworkSecurity #ActiveDirectory #infosec
February 18, 2025 at 2:32 PM
6/10 Golden Ticket Attack:
With the krbtgt hash, attackers create fake tickets to impersonate any user.
This grants them unlimited access to domain resources!
#GoldenTicket #Kerberos #Hash #CyberSecurity
February 18, 2025 at 2:32 PM
5/10 DCSync Attack:
By impersonating a Domain Controller, attackers can extract credentials from any DC.
This can lead to Golden Ticket attacks.
#DCSync #Persistence #DomainController
February 18, 2025 at 2:32 PM
4/10 AS-REP Roasting:
Focuses on accounts without required pre-authentication, allowing attackers to crack passwords from AS-REP tickets.
#ASREP #SecurityTips #Authentication #Passwords
February 18, 2025 at 2:32 PM
3/10 Kerberoasting:
Targets service accounts by cracking Kerberos tickets.
If service accounts have weak passwords, it's a goldmine for attackers.
#Kerberos #ADSecurity #Kerberoasting #password
February 18, 2025 at 2:32 PM
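An added example, not part of the original posts: a defender's audit for the two account conditions described in the AS-REP Roasting (4/10) and Kerberoasting (3/10) posts, run over an exported user list. The CSV layout, the `pwdAgeDays` column, the 365-day threshold and all account names are assumptions made for this sketch; the `userAccountControl` bit values are the documented Active Directory flags.

```python
import csv
import io

# userAccountControl bits (documented Active Directory flag values).
ACCOUNTDISABLE = 0x0002
DONT_REQ_PREAUTH = 0x400000

# Constructed sample export (not real accounts): one row per user object.
# pwdAgeDays is an assumed, precomputed column derived from pwdLastSet.
SAMPLE_EXPORT = """sAMAccountName,userAccountControl,servicePrincipalName,pwdAgeDays
alice,512,,40
svc_sql,66048,MSSQLSvc/db01.example.test:1433,1900
legacy_app,4260352,,700
svc_old,66050,HTTP/intranet.example.test,2500
svc_backup,4260352,backup/bk01.example.test,30
"""


def audit_accounts(export_text, max_pwd_age_days=365):
    """Return {account: [findings]} for enabled accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        uac = int(row["userAccountControl"])
        if uac & ACCOUNTDISABLE:
            continue  # report enabled accounts only
        issues = []
        if uac & DONT_REQ_PREAUTH:
            # The condition the AS-REP Roasting post refers to.
            issues.append("pre-authentication not required (AS-REP roastable)")
        if row["servicePrincipalName"].strip():
            # Any authenticated user can request a ticket for an SPN, so the
            # account's password strength is the only protection.
            issues.append("has SPN (Kerberoastable if password is weak)")
            if int(row["pwdAgeDays"]) > max_pwd_age_days:
                issues.append("SPN account password older than limit")
        if issues:
            findings[row["sAMAccountName"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit_accounts(SAMPLE_EXPORT).items():
        print(f"{account}: {'; '.join(issues)}")
```

Accounts flagged for pre-authentication should have the flag cleared unless an application strictly requires it; flagged SPN accounts are candidates for long random passwords or managed service accounts.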
2/10 Pass-the-Hash (PtH) Attack:
Hackers grab #NTLM hashes without cracking passwords, then use them to move around the network.
Tools like #Mimikatz are popular for this.
#PtH #CyberAttack #infosec #exploitation
February 18, 2025 at 2:32 PM