Category: PowerShell

Troubleshooting Empire and PoshC2_Python HTTPS Connections

I’ve experienced a bit of trouble of late with both Empire and PoshC2_Python payloads failing to call back to their corresponding Empire and/or PoshC2 listener/server. This brief post detailing the fixes/workarounds I’ve used may be helpful to someone else. I understand the issues are a result of the OpenSSL configuration in Kali Linux (The Kali …

Low Privilege Active Directory Enumeration from a non-Domain Joined Host

Scenario: You have recovered Domain User credentials for a domain but have no privileged or interactive access to any targets i.e. no Domain Admin account or any account that is capable of establishing an RDP session. Introduction: On a recent engagement I was performing an internal assessment against several untrusted Windows domains. Using Kerberos Domain …