Post Compromise Attacks

Pass the Hash / Password

Pass the Hash

We can dump hashes with secretsdump.py and crack with Hashcat.

Token Impersonation

Kerberoasting

GPP / cPasswords Attacks (Group Policy Preferences)

https://www.rapid7.com/blog/post/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/www.rapid7.com

Mimikatz

LogoGitHub - gentilkiwi/mimikatz: A little tool to play with Windows securityGitHub

Golden Ticket Attack

https://www.qomplx.com/qomplx-knowledge-golden-ticket-attacks-explained/www.qomplx.com

PreviousPost Compromise EnumerationNextPivoting

Last updated

Was this helpful?