Windows

Dump Hashes in Windows 11 24H2

Mimikatz

In this blog post, I describe how I managed to read password hashes from the lsass.exe process memory in Windows 11 24H2. Since this version was still very new at the time of writing this post, some of the issues are due to a lack of tool support and should be resolved in the future. However, this post may also help in adapting the tools for later Windows versions.

Kerberos: How the Authentication Protocol Works

Kerberos

Kerberos works similarly to a passport: a passport authority issues the passport after a person has identified themselves. With this passport, that person can then go to the border and prove their identity.

Active Directory Tiering: Terminal Servers and Helpdesk

Active Directory Tiering

In this blog post, I will briefly address two often overlooked vulnerabilities and misconfigurations in the Active Directory Tiering model. Specifically, I will focus on the mishandling of terminal servers and the helpdesk user group.

UAC Bypass

UAC Bypass

What do we see in the photo? The settings for User Account Control (UAC). But what exactly is that and how can it be bypassed?