A Red Teamer’s Guide to GPOs and OUs

  Intro: Active Directory is a vast, complicated landscape comprised of users, computers, and groups, and the complex, intertwining permissions and privileges that connect them. The initial release of BloodHound focused on the concept of derivative local admin, then BloodHound…

Introducing BloodHound

  Intro & Background: In February of this year, I posted a proof-of-concept script called “PowerPath” which combined Will Schroeder’s PowerView, Justin Warner’s concept of derivative local admin, graph theory, and Jim Truher’s (@jwtruher) PowerShell implementation of Dijkstra’s Algorithm to…

Automated Derivative Administrator Search

  Intro: Active Directory Domain escalation is an important part of most penetration tests and red team engagements. While gaining domain/enterprise administrator rights is not the end goal of an assessment, it often makes achieving test objectives much easier. A typical domain…