Understanding Active Directory

For example, imagine you need to change a user’s password on their user account and there are over 100 devices in the network – this can be very challenging. Within Microsoft Windows Server, you will find many roles and features that can be installed and configured to help IT professionals provide many services and resources to everyone on a network. One such service within Microsoft Windows Server is known as Active Directory. This is a directory service that helps IT professionals centrally manage the users, groups, devices, and policies within the organization. ...

November 24, 2025 · 5 min · 1003 words · 0x-s0M3n4th

Exploiting RDP

First we will enable it on our EXTERNAL-RED domain controller, aka Windows Server 2019. Fire up the VM and open Server Manager. Refresh the page; it should show as enabled.

Imagine if a threat actor or penetration tester could retrieve valid user credentials to access the root Domain Controller (DC) of an organization. Here, the threat actor could potentially take over and control the Windows domain environment, such as its policies, users, groups, and device accounts. Additionally, a threat actor can attempt to gain unauthorized access to client systems that use shared user credentials and are connected to the company’s domain through RDP, and then set up persistent access to each compromised device to expand their foothold on the network.

Let’s start exploiting:

1. Open Kali.

2. Let’s do a formal check of whether the target is visible on the network:

    nmap -sn 192.168.83.0/24 --exclude 192.168.83.128

3. Identifying if RDP is running on the target 192.168.83.140 ...

November 24, 2025 · 3 min · 618 words · 0x-s0M3n4th

Practical Demo: Windows Forensics

Volatile data collection:

System uptime and current time:

In Command Prompt:

    (date /t) & (time /t)
    systeminfo | find "Boot Time"

In PowerShell:

    (Get-Date) - (gcim Win32_OperatingSystem).LastBootUpTime

Network parameters (NetBIOS name cache, active connections, routing table, etc.):

    nbtstat -c
    netstat -ano
    netstat -rn
    ipconfig /all

Promiscuous mode detection on NICs through PowerShell:

    Get-NetAdapter | Format-List -Property ifAlias, PromiscuousMode

Sysinternals tools:

Logged-on users info:

    PsLoggedon.exe -x
    logonsessions.exe -p
    net sessions
    net user user_name

Hash analysis:

Using PowerShell:

    Get-FileHash .\FTK_sample_00.E01 -Algorithm MD5
    Get-FileHash .\FTK_sample_00.E01 -Algorithm SHA1

Open file information:

    net file

List of running processes and services:

    tasklist /svc

Scheduled tasks info:

    schtasks /query

History checking:

    doskey /history

In PowerShell: ...

November 8, 2025 · 2 min · 255 words · Me