📄️ Credentials
Domains often span multiple regional locations, and a single Domain Controller would significantly delay any authentication services in AD. As such, these organizations make use of multiple DCs, so it is possible to authenticate with the same credentials in two different locations (this process is called Domain Replication).
🗃️ Tickets
2 items
📄️ Certificates
Certificates can also be used for persistence. All we need is a valid certificate that can be used for Client Authentication. This will allow us to use the certificate to request a TGT.
🗃️ SID
2 items
🗃️ Groups
2 items
📄️ Access Control List
To ensure good persistence and make detection harder for the Blue Team, we can inject into the templates that generate the default groups. By injecting into these templates, even if the Blue Team removes our membership, we just need to wait until the template refreshes, and we will once again be granted membership.
📄️ Group Policy Management
Group Policy Management (GPO) in AD provides a central mechanism to manage the local policy configuration of all domain-joined machines. This includes configuration such as membership of Restricted Groups, firewall and AV configuration, and which scripts should be executed upon startup. GPO can be targeted by attackers to deploy persistence across the entire estate. Even worse, the attacker can often hide the GPO in such a way that it becomes almost impossible to remove.