Walkthrough demonstrating how Active Directory permission misconfigurations let you chain WriteSPN, AddSelf, ReadGMSA, ForceChange, WriteOwner, GenericAll and exploit the ESC15 certificate vulnerability.
00:00:00 Introduction
00:01:31 Port Scan (Nmap)
00:04:17 Collecting BloodHound Data
00:09:28 Uploading BloodHound Data
00:11:15 Abusing WriteSPN Configuration
00:17:08 Abusing AddSelf Configuration
00:20:08 Abusing Read GMSA Password
00:23:27 Abusing ForceChangePassword Configuration
00:27:21 Abusing WriteOwner Configuration
00:36:28 Accessing Remote Management Account
00:38:15 Abusing GenericAll Configuration
00:53:24 Investigating Certificate Account
00:54:42 Restoring Deleted Account
00:58:50 Investigating Certificate Vulnerability with certify
01:00:39 Abusing ESC15 Certificate Vulnerability
01:17:22 Changing Administrator Account Password
01:17:53 Administrator Login
#activedirectory #pentesting #cybersecurity
