Network Infrastructure Security Guidance, March 2022 (PP-22-0266 Version 1.0)

This report presents best practices for overall network security and protection of individual network devices, and will assist administrators in preventing an adversary from exploiting their network. While the guidance presented here is generic and can be applied to many types of network devices, sample commands for Cisco Internetwork Operating System (IOS) devices are provided which can be executed to implement the recommendations.

#cisco #docs

Security analysts who have some knowledge of Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an AD, uses ticket-based authentication where a Key Distribution Center (KDC) grants a Ticket-Granting Ticket (TGT) to a user requesting access to a service or an account, which can then be redeemed to generate a service ticket (ST) to access a particular service, like an SQL account.

Golden Ticket attacks show how an attacker can keep accessing the domain admin by obtaining the NTLM hash of the "krbtgt" account.

Domain persistence is necessary for an analyst in the event the admin password gets changed. Persistence can also be achieved by using certificate-based authentication deployed in the Active Directory Certificate Service. One such method is the Golden Certificate Attack.

#windows

Free Pentester's Lab by PentersterAcademy (USA)

Sources
https://attackdefense.pentesteracademy.com/

#education #pentest