TLPT (Threat-Led Penetration Testing): Objective and Methodology In a context where cyberattacks are becoming more sophisticated, targeted and persistent, traditional security approaches are reaching their limits. I... 24.02 Applications
What is Pass-the-Hash? Attacks Types and Security Best Practices During our internal penetration tests, we regularly compromise Active Directory without using any passwords. This is possible thanks to an iconic atta... 16.01 Infra & Network
Active Directory Monitoring: LDAP Log Analysis and ELK Rules Active Directory (AD) is a directory service developed by Microsoft. It is used by most companies to manage identities, user accounts, machines, secur... 13.10 Infra & Network
AD CS Security: Understanding and Exploiting ESC Techniques After presenting the operating principles of Active Directory Certificate Services (AD CS) in a previous article, it is now time to address a more off... 25.09 Infra & Network
Understanding Active Directory Certificate Services (AD CS) As part of our internal penetration tests, we regularly encounter AD CS (Active Directory Certificate Services) infrastructures deployed on corporate ... 19.06 Infra & Network
What is Kerberoasting? Attack and Security Tips Explained Kerberoasting is a common attack in Active Directory environments. It is based on a weakness in the Kerberos protocol, but its exploitation requires s... 04.02 Infra & Network
Active Directory Pentesting: Objective, Methodology, Black Box and Grey Box Tests Active Directory (AD) is at the heart of many organisations’ IT infrastructure. It manages authentication, authorisation and access to critical ... 02.01 Infra & Network
Assumed Breach: Objectives, Methodology, Test Scenarios and Use Cases At a time when cyber attacks are increasing in frequency, sophistication and impact, traditional defensive approaches, while necessary, are no longer ... 30.12 Applications
