Category: Purple Team

Golden dMSA
The Delegated Managed Service Account (dMSA) was introduced by Microsoft in Windows Server 2025 to prevent Kerberos-related attacks such as Kerberoasting by binding the authentication of service accounts to device identity. The BadSuccessor technique abused dMSA objects for lateral movement. However, following the research from Akamai on BadSuccessor, Semperis identified a…

Active Directory Enumeration – ADWS
Microsoft introduced Active Directory Web Services (ADWS) in Windows Server 2008 R2 to provide an interface for querying and managing Active Directory instances over a network. The service runs on domain controllers by default on TCP port 9389, and communication is performed via the Simple Object…

Lateral Movement – BitLocker
BitLocker is a full-disk encryption feature designed to protect data by encrypting entire volumes. On Windows endpoints (workstations, laptops, etc.), BitLocker is typically enabled to prevent unauthorized access to data stored on the drive in the event of device theft or loss. Every application…

BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new account type called dMSA (delegated Managed Service Account) and enables administrators to migrate standard service accounts to machine accounts with…
