Security analysts who have some knowledge of Active Directory and pentesting would know the concept of tickets. Kerberos, the default authentication mechanism in an AD, uses ticket-based authentication where a Key Distribution Center (KDC) grants a Ticket-Granting Ticket (TGT) to a user requesting access to a service or an account, which can then be redeemed to generate a service ticket (ST) to access a particular service, like an SQL account.

Golden Ticket attacks show how an attacker can keep accessing the domain admin by obtaining the NTLM hash of the "krbtgt" account.

Domain persistence is necessary for an analyst in the event the admin password gets changed. Persistence can also be achieved by using certificate-based authentication deployed in the Active Directory Certificate Service. One such method is the Golden Certificate Attack.

#windows

Free Pentester's Lab by PentersterAcademy (USA)

Sources
https://attackdefense.pentesteracademy.com/

#education #pentest

Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec that allows low-level users to run commands as privileged users.

According to Qualys, the vulnerability exists in the pkexec.c code that doesn’t handle the calling parameters count correctly and ends up trying to execute environment variables as commands. Thus, an attacker can craft environment variables in such a way that it will induce pkexec to execute arbitrary code.

We are using the older, vulnerable Ubuntu version 20.04 in this demonstration, which can be downloaded from Ubuntu’s old releases page.

#linux

Microsoft has gradually increased the efficiency and effectiveness of its auditing facilities over the years. Modern Windows systems can log vast amounts of information with minimal system impact. With the corresponding decrease in the price of storage media, excuses to not enable and retain these critical pieces of evidence simply don’t stand up to scrutiny. Configuring adequate logging on Windows systems, and ideally aggregating those logs into a SIEM or other log aggregator, is a critical step toward ensuring that your environment is able to support an effective incident response.

This document provides an overview of some of the most important Windows logs and the events that are recorded there. As with all of our Analyst Reference documents, this PDF is intended to provide more detail than a cheat sheet while still being short enough to serve as a quick reference. The PDF also contains links to external resources for further reference.

#windows

Немного статистики о занятости девушек в ИТ-отрасли (показатели уже устарели, но в целом, мы видим, что вклад женской части населения в ИТ всегда был, есть, растет и будет)

+ топ специальностей, в которых работают женщины (на самом деле, список гораздо длиннее
+ распределение мужчин и женщин по длительности опыта работы в ИТ-сфере
+ распределение девушек занятых в ИТ по статистике Хабра