Dawid Farbaniec

Part 3. Windows security: reconnaissance of Active Directory environment with BloodHound.

Collecting information about the domain environment with SharpHound. SharpHound, a program that collects domain environment data, is a component of the BloodHound tool. The collection of environmental data starts when SharpHound.exe is run on one of the computers. The entire BloodHound package can be downloaded (Figure 32) from the address: https://github.com/BloodHoundAD/BloodHound/releases. After downloading and …

Part 1. Windows security: reconnaissance of Active Directory environment with BloodHound.

Windows security: reconnaissance of Active Directory environment with BloodHound. In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows …

Part 2. Windows security – what is LSASS dump. How to protect against it?

Bypassing LSA Protection (RunAsPPL) with Mimikatz. Mimikatz is a tool by Benjamin Delpy for extracting Windows credentials in various ways. Important note: It is possible that running Mimikatz on Windows 10 will end in an error: kuhl_m_sekurlsa_acquireLSA ; Key import. It may be helpful to use an older version, specifically Mimikatz v2.1.1 from here: https://github.com/gentilkiwi/mimikatz/files/4167347/mimikatz_trunk.zip …