Recent Posts

Poc’ing Beyond Domain Admin - Part 1

6 minute read

Overview During a CTF hosted at the beginning of this year, I popped the machine, got domain context, ran bloodhound as usual and saw that my compromised use...

NTLM Relaying for gMSA Passwords

3 minute read

Overview gMSA is short for group managed service accounts in Active Directory. gMSA accounts have their passwords stored in a LDAP property called msDS-Manag...