How to Hack Active Directory with ASREP Roasting

  • Published on 22 Jan 2024
  • jh.live/alteredsecurity || Learn on-premise Active Directory & Azure Active Directory penetration testing and get certified with Altered Security! jh.live/alteredsecurity
    Free Cybersecurity Education and Ethical Hacking

Comments • 47

  • @mukeshsingh7069 6 months ago +19

    Hi John, great video showcasing ASREP Roasting! I would really appreciate more content on various Active Directory penetration testing techniques such as Kerberoasting, DCSync, Pass the Hash, Pass the Ticket, Overpass the Hash, ADCS vulnerabilities, etc & the usage of tools like Impacket, Mimikatz, Certipy, & many others. Keep them coming.

  • @AnonymousMaykr 6 months ago +9

    5:35 cheeky John, typing with his feet

  • @tennesseetuned 28 days ago

    Another good video, keep it up J. I love seeing the AD skill set being used.

  • @Jinay.Kothari 6 months ago +29

    hey you were attempting *OSEE*? what happened? did you do it? how was your experience? please make a dedicated video on that. 🙂🙂

  • @truthhertz10 6 months ago +1

    Wouldn't the Linux command get picked up by AVs like defender?

  • @kickass1017 5 months ago +1

    New camera angles you thought we wouldn't notice 😂😂😂

  • @jamiekomodo1751 2 months ago

    Hi John, I'd vote for a video detailing ADFS attack chain. Golden SAML and ADFS Token Signing Certificate attacks still seem to fly under the radar despite the well publicized Nobelium APT group. There are also reports from MS on techniques using both FoggyWeb and MagicWeb tooling. This could be an opportunity to bring AD FS hardening guidance, and maybe for entities that have Microsoft Defender for Identity, note that the sensor also should run on the AD FS (it's often not there, and only put on DCs). Just one I thought would make a good video, not that it would be so easy to do.

  • @monagamoudi6598 6 months ago +1

    yes I tried the free lab of Altered Security and really it's helpful

  • @eslamomar1021 6 months ago

    Great video, we want more videos about AD

  • @TmurphyIT 6 months ago +7

    Great digestible video. Maybe I will check out their Azure hacking after I complete the PNPT.

    • @balajisharathkumar9753 6 months ago

      @TmurphyIT what is the cost of pnpt to the current market and duration for this cert ?

    • @TaelurAlexis 5 months ago +1

      Good luck! I take the PNPT soon 😁

    • @heberjulio6303 5 months ago

      399$ course + exam @balajisharathkumar9753

    • @marctorres7805 2 months ago

      Holding yall accountable.. how'd it go? I'm gonna take the exam on 06/07/24 however I looked into the sponsor he mentioned in the video and I may purchase that training first.. just to have a well rounded AD skillset.. then I'll take PNPT followed by CRTE.. ultimately OSCP the goal for the end of this year just so much $$$

    • @TmurphyIT 2 months ago

      @marctorres7805 PNPT passed. Holding off on this training but it’s on my list.

  • @j.ianmichel3059 6 months ago

    So if we did not have a username and we're trying to get one, how would this not throw a lot of noise?
    Is this under the impression that no one is monitoring the network?
    How would the looking for a username slip past a SIEMs notification?
    Would you be breaking up the brute force attack to 5 names at a time with a period of 1-5 minutes in between? Would you try and make more noise on something else to draw away attention?
    Since joining the Blue team, I am trying to understand how a lot of these attacks occur when companies have a dedicated team? I am targeting Fortune 500 companies, are most of them really not prepared, in your opinion?

  • @chetankadam6510 6 months ago

    Please make a playlist on ethical hacking and for oscp exam

  • @balajisharathkumar9753 6 months ago

    wow great video awesome knowledge share add some defence side of techniques to stop these inbound attacks from hacker point of views

  • @brandoncejacruz218 5 months ago +1

    So, how common do you guys think it is to find this in real AD environments? I don't see why any admin would disable the pre-auth option, unless maybe some old system auth integration with kerberos. Have you encountered these cases where pre-auth has to be disabled for some specific reason?

    • @dadamnmayne 5 months ago +2

      disabling pre auth is not a vulnerability. these 'hacking' videos might mislead you a bit. network admins disable pre auth in case of an emergency where kerberos is not accessible or if it is unadvantageous to use kerberos.
      notice, the "as rep roast" produces a tgt. that tgt is made ahead of time to go around kerberos and authenticate.
      best practice for an account with pre auth disabled is 2 upper 2 lower 2 special character 2 number (complex) passwords. sorry for the long rant. there are tons of ideas about active directory that get screwed up when folks are learning about active directory through hacking vids.

  • @shiloh4184 6 months ago

    Thx for all you do.
    Random thought and, as a result, Random question: who do you look up to in terms of skillset and level of expertise in the hacking/security community. Not talking abt guys that have a million followers or great channels. I'm talking abt guys that know their stuff and are a force, for good or evil, to be respected in the community. Thx in advance.

  • @ani-zxk 6 months ago +3

    JOHNNN!!!!!!!

  • @ralphandre4438 6 months ago

    Amazing video!!

  • @jytan740 6 months ago +1

    default user does have pre-authentication enabled. why will admin tick that checkbox?

    • @subh0x 6 months ago

      Service accounts often to login across servers at a rigorous rate. So, they have their pre authentication disabled to reduce network load

    • @subh0x 6 months ago

      Often need to login*

    • @DocGMoney 6 months ago

      ChatGPT has this to say...
      Legacy Applications or Systems: Some older applications or systems might not support Kerberos pre-authentication. To allow these applications to interact with modern Active Directory environments, an administrator might disable pre-authentication for specific service accounts associated with these applications.
      Interoperability with Non-Windows Systems: In mixed IT environments with non-Windows systems, there might be compatibility issues with Kerberos pre-authentication. Disabling it can be a workaround to ensure interoperability between different systems.
      Troubleshooting: Administrators might temporarily disable pre-authentication on a user account to troubleshoot authentication issues. This is typically done in a controlled environment and should be re-enabled as soon as the issue is resolved.
      Specific Configuration Requirements: Certain specialized configurations or deployments might require pre-authentication to be disabled for particular accounts. However, this is rare and typically not recommended due to the security risks.
      It's important for administrators to be aware of the security risks associated with disabling Kerberos pre-authentication. Disabling it should be a last resort, and if it must be done, it should be limited to the specific accounts that absolutely require it. Additionally, accounts with pre-authentication disabled should be monitored closely for any unusual activity, as they are more susceptible to AS-REP Roasting attacks. In general, maintaining strong security practices and minimizing exceptions like this are key to maintaining a secure Active Directory environment.

  • @d3ni3dj3sus9 6 months ago

    These are so funny assuming there's no other AV aside from Windows Defender, or PowerShell logging 😂

  • @mattplaygamez 6 months ago

    THM has a room with asrep roasting

  • @Abduselam.m 6 months ago +2

    Thanks so much JohnHammond

  • @maniakdemi3548 6 months ago +1

    More AD stuff

  • @shingareom 6 months ago +2

    What is an active directory bro ?

    • @shingareom 6 months ago +1

      Guys tell me 🥹

    • @jermainreed9653 6 months ago +1

      Lmao…there's Google for this. You know that, right.
      Active Directory basically is the storage space for the user accounts and passwords

    • @shingareom 6 months ago +1

      @jermainreed9653 sorry bro 🥺 now I got it, Thanks buddy.

    • @ARZ10198 6 months ago +4

      Identity and Access Management

    • @shingareom 5 months ago

      @jermainreed9653 yes bro, thanks for lemme know.

  • @Tech69YT 6 months ago

    first

  • @MUB1N_SHA1KH 5 months ago

    hh

  • @Maihoe1 6 months ago

    First

  • @MANOJGAMING003 6 months ago

    Bro please I want a free fire account 😭🙏

  • @Pranks101 6 months ago

    First

  • @Msantor1605 5 months ago

    First