Active Directory Archives

Blog

Home / Blog

Fox in a red hoodie at a multi-monitor workstation and server racks, symbolizing domain trust exploitation and lateral movement.

Domain Trusts: An Exploitation Playbook

Domain Trusts: An Exploitation Playbook Understanding how domain trusts operate in Windows Active Directory has become a critical skill in modern cybersecurity. Trust relationships—meant to

June 12, 2024

Fox in a red hoodie in a server lab analyzing firmware on a laptop with connected hardware — extracting filesystem contents.

Analyzing Firmware and Extracting Filesystem

Every modern device you interact with—from Wi-Fi routers to smart TVs, medical equipment to industrial controllers—relies on firmware, the invisible layer of code that brings

June 4, 2024

Abusing AD CS Certificate Template – ESC1, ESC2, ESC3

Understanding Active Directory Certificate Services (AD CS)

Understanding Active Directory Certificate Services (AD CS) AD CS is a server role integral to Microsoft’s public key infrastructure (PKI) implementation. It tightly integrates with

May 10, 2024

Abusing Active Directory Certificate Services: A Comprehensive Guide

Organizations operate in an ever-evolving digital environment that poses security threats. Although much attention has been focused on various components of Active Directory (AD), one

April 22, 2024

Unleashing the Potential of Certificates for Privilege Escalation

Maintaining proactive defences against emerging cyber threats is of the utmost importance in today’s rapidly changing cybersecurity environment, and one area that has gained more

April 1, 2024

Zero Day in Xbox Privilege Escalation using Gaming ServiceEoP

Xbox Privilege Escalation is a serious security vulnerability on Xbox gaming platforms that could allow an attacker to escalate user privileges and gain system-level access

March 14, 2024

Unveiling Moniker Link (CVE-2024-21413): Navigating the Latest Cybersecurity Landscape

An intriguing vulnerability in Outlook’s handling of particular hyperlinks has been found, and threat actors have been known to use it in the wild. CVE-2024-21413

March 12, 2024

Exploiting Weak ACLs on Active Directory Certificate Templates: ESC4

In Active Directory (AD) security, one area that has been gaining attention is the exploitation of misconfigured Active Directory Certificate Services (ADCS) and, in particular,

November 23, 2023

PrintNightmare: The Vulnerability That Shook Windows Systems

In recent years, the cybersecurity landscape has been constantly evolving, with new vulnerabilities and exploits emerging on a regular basis. One such vulnerability that made

October 23, 2023

An In-depth Exploration into WebClient Abuse

In red teaming, understanding the potential for lateral movement within a network is crucial. One method that attackers often use for this purpose is WebClient

October 9, 2023

Exploiting Misconfigured Active Directory Certificate Template – ESC1

Certificates are crucial in establishing trust and securing communication within the Active Directory environment. They are used for authentication, encryption, and digital signatures. Certificate Templates

August 19, 2023

GPO Abuse

Group Policy Objects (GPOs) are a powerful tool administrators use to manage and enforce security policies across a domain. However, in the wrong hands, GPOs

July 31, 2023

Delaware Office

Redfox Cyber Security Inc.
8 The Green, Ste. A, Dover,
Delaware 19901,
United States.

info@redfoxsec.com

Quick Menu

Legal

Required Login

Please Login for Submit Form.

Success

Thank you! Form submitted successfully.

This field is required