References
- Evil-WinRM: https://github.com/Hackplayers/evil-winrm
- Set up JEA in the lab: https://cheats.philkeeble.com/active-directory/ad-privilege-escalation/jea
- RACE toolkit: https://github.com/samratashok/RACE
- User Rights Assignment: RDP - https://blog.cptjesus.com/posts/userrightsassignment/
- RestrictedAdmin: https://github.com/GhostPack/RestrictedAdmin
- SharpRDP: https://github.com/0xthirteen/SharpRDP
- SharpRDPThief: https://github.com/passthehashbrowns/SharpRDPThief
- Impacket: https://github.com/fortra/impacket
- CVE-2019-1019 writeup: https://securityboulevard.com/2019/06/your-session-key-is-my-session-key-how-to-retrieve-the-session-key-for-any-authentication/
- Dementor: https://github.com/NotMedic/NetNTLMtoSilverTicket/blob/master/dementor.py
- Drop-the-MIC scanner: https://github.com/fox-it/cve-2019-1040-scanner
- Checking the username of logged-in users to the Kerberos tickets: https://gist.github.com/JoeDibley/fd93a9c5b3d45dbd8cbfdd003ddc1bd1...