Startup Apps Each user can define apps that start when they log in, by placing shortcuts to them in a specific directory. Windows also has a startup directory for apps that should start for all us...

SNMP Simple Network Management Protocol (SNMP) is a protocol for network management. It is used to monitor different devices in the network (like routers, switches, printers, IoTs…). It runs on po...

SMBRelay SMB signing is a security mechanism that allows digitally signing SMB packets to enforce their authenticity and integrity - the client/server knows that the incoming SMB packets they are ...

Silver Ticket Is an attack that allows attacker who has the password hash of a target service(MSSQL, CIFS, Sharepoint) to forge Kerberos ticket-granting tickets (TGT) that will enable attacker to ...

Local User Account If we compromised an Administrator, we can create a user and add him to an Administrators group. Exploitation We are going to create a user and add him to an Administrator gro...

Startups Each user can define apps that start when they log in, by placing shortcuts to them in a specific directory. Windows also has a startup directory for apps that should start for all users:...

Registry Autoruns Windows can be configured to run commands at startup. If we compromise an administrator’s account, we can add our reverse shell to Registry Run Keys, so that to be triggered each...

Local User Account If we have root privilege, we can create a user and add him to a root. Exploitation We are going to create a user and add him to a root group. Now we will have a root privi...

Pass The Ticket(Ptt) Pass the Ticket(Ptt) is a credential theft technique that enables adversaries to use stolen Kerberos tickets to authenticate to resources (e.g., file shares and other computer...

Pass The Hash(Pth) Pass the hash is a type of cybersecurity attack in which an adversary steals a “hashed” user credential and uses it to create a new user session on the same network. Unlike othe...