dirkjanm.io

Description: Dirk-jan’s personal blog, mostly containing research on topics I find interesting, such as Windows, Active Directory and cloud stuff.

Last updated: 2022-05-11 14:24:19
Dirk-jan Mollema. Hacker, red teamer, researcher. Likes to write infosec-focussed Python tools. This is my personal blog containing research on topics I find interesting, such as (Azure) Active Directory internals, protocols and vulnerabilities. Business info at outsidersecurity.nl.

Recent Posts

Relaying Kerberos over DNS using krbrelayx and mitm6 (11 minute read, February 22, 2022)
One thing I love is when I think I understand a topic well, and then someone proves me quite wrong. That was more or less what happened when James Forshaw published a blog on Kerberos relaying, which disproves my conclusion that you can’t relay Kerberos from a few years ago. James showed that there are some tricks to make Windows authenticate to a different Service Principal Name (SPN) than wha...

NTLM relaying to AD CS - On certificates, printers and a little hippo (14 minute read, July 28, 2021)
I did not expect NTLM relaying to be a big topic again in the summer of 2021, but among printing nightmares and bad ACLs on registry hives, there has been quite some discussion around this topic. Since there seems to be some confusion out there on the how and the why, and new attack vectors coming up fast now, I figured I’d write a short post with some more details and background. Hardly anythi...

Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass (24 minute read, June 10, 2021)
In my first personal blog post in 2018 I wrote about Active Directory forest trusts and how they work under the hood. Part two of the series was since then promised but never delivered. I researched this topic again in 2019 and ended up finding a logic flaw which allowed the bypassing of the SID filtering mechanism and compromise hosts in a trusted forest. This flaw was patched in February 2020...

A different way of abusing Zerologon (CVE-2020-1472) (17 minute read, September 24, 2020)
In August 2020, Microsoft patched CVE-2020-1472 aka Zerologon. This is in my opinion one of the most critical Active Directory vulnerabilities of the past few years, since it allows for instant escalation to Domain Admin without credentials. The most straightforward way to exploit this involves changing the password of a Domain Controller computer account. This is a risky move and could potenti...

Digging further into the Primary Refresh Token (19 minute read, August 05, 2020)
In my previous blog I talked about using the Primary Refresh Token (PRT). The PRT can be used for Single Sign On in Azure AD through PRT cookies. These cookies can be created by attackers if they have code execution on a victim’s machine. I also theorized that since the PRT and the cryptographic keys associated with it are present on the victim’s device, they could be extracted from memory wi...

All blog content is available under the Creative Commons BY 4.0 License unless stated otherwise. Powered by Jekyll and a modified version of the "Minimal Mistakes" theme.