Windows by design allows authenticated users to install and add drivers to a printer impersonating SYSTEM privileges, which could be exploited to achieve LPE and RCE (CVE-2021-1675). The only known mitigation for this vulnerability until this date (Wed, 21 July 2021) is to disable the print spooler service.

The intent of this post is only to record tools, techniques and concepts behind some Active Directory (AD) delegation attacks for personal use.

… So I can return to these shenanigans and refresh my memory in the future. ;)

I recently took the amazing “Windows Red Team Lab” course from PentesterAcademy, a prerequisite course for the Certified Red Team Expert (CRTE) certification. I must confess that I had my eye on this course for some time, mainly due to the topics covered in its content (anyone who knows me knows how much I like Active Directory exploitation and everything it involves ;). As I was a little tired of the HackTheBox boxes routine, I decided it would be a good time to start the lab and learn new AD stuff.

The purpose of this review is just to pass on a little of the experience I had in the lab and in the exam. Obviously, I have no intention of providing spoilers, lab walkthrough nor anything like that.

Na teoria da complexidade computacional, o problema da satisfatibilidade booleana (SAT) é reconhecidamente um dos primeiros NP-completo. O problema visa encontrar uma solução verdade para uma dada fórmula booleana, e caso encontrada, a fórmula é considerada “satisfatível”.