Posts
RootDSE

Real-time detection scenarios in Active Directory environments

Introduction Recently, I joined the 2nd session of the course “3 Machine Labs” under the Auror Project, an initiative led by Sudarshan Pisupati, where we were doing a deep dive into Active Directory. I...

Understanding Sysmon Events using SysmonSimulator

Introduction I wanted to understand how Sysmon detects various activities on Windows endpoints and generates the event logs, so I created a tool, SysmonSimulator, which is written in C and uses ...

WMI Event Watcher notification for Windows Defender

Introduction In this post, I’m just playing with the Windows Management Instrumentation (WMI) Event Watcher task to look for a few tasks. As per Microsoft, the WMI Event Watcher task detects the changes ...

Active Directory Lab Setup (Part 2) - Add data to AD domain

In the previous posts, we have covered installation of the AD forest, and AD basics have also been discussed. In this post, let’s start populating the AD environment with AD objects like user objects, c...

Active Directory Lab Setup (Part 1) - Forest Installation

In the previous post, the basics of Active Directory were discussed. In this post, we’ll discuss how the environment can be set up and configured, so we can use it to perform various attack scenari...

Active Directory Security Fundamentals (Part 2) - SPN, Kerberoasting

Service Principal Name (SPN) A service principal name (SPN) is a unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service lo...

Active Directory Security Fundamentals (Part 1) - Kerberos

Active Directory Security The information about different AD objects is stored in AD in object and attribute format, all of which is defined in the Active Directory Schema, as we discussed earlier. This...

Active Directory Fundamentals (Part 4) - NTDS.DIT, LDAP, Schema, Attributes

Introduction In this particular post, we’ll look into the protocols and technologies that make Active Directory work. At its very core, Active Directory is a distributed database stored on the ...

Active Directory Fundamentals (Part 3) - Group Policies

Introduction In this blog post, we’ll discuss Group Policies in Active Directory, which are one of the important elements of AD. We’ll cover concepts like: What are Group Policies in A...

Active Directory Fundamentals (Part 2) - AD Objects

In this blog post, we’ll discuss different Active Directory objects and basic concepts like: Why Active Directory objects are required in a domain How they can be created How to enumer...

Active Directory Fundamentals (Part 1) - Basic Concepts

Introduction These blogs are focused primarily on understanding the Windows Active Directory environment and seeing it from different points of view, i.e. as an Administrator who tri...