Behavioral task
behavioral1
Sample
3bf838f7d0fe12c848783889464c8398a722327367dbf3117278bb32574e5ae8.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3bf838f7d0fe12c848783889464c8398a722327367dbf3117278bb32574e5ae8.pdf
Resource
win10v2004-20240226-en
General
Target: 3bf838f7d0fe12c848783889464c8398a722327367dbf3117278bb32574e5ae8
Size: 2.3MB
MD5: 016353a2673d694b668b7319bb09e816
SHA1: 5b6d8f9775f5746051527901379949fb6c371395
SHA256: 3bf838f7d0fe12c848783889464c8398a722327367dbf3117278bb32574e5ae8
SHA512: 4963e2ca35ffd330c760874c4cc60e7d21d9a24a26731f52b15f41fd8d18db0eb8c07cc92986fb6a7076cf4d2c11e82ab8ea4ce7e75615a78638ad43d7551228
SSDEEP: 49152:oMugUeCBMP7rSK0Oc0dYPnurzVJvjFhrKB4JYM:oMugUeOM/J0Oc0YczDv59J3
Malware Config
Signatures
Files
3bf838f7d0fe12c848783889464c8398a722327367dbf3117278bb32574e5ae8.pdf