Credential Access¶

T1110.003 - Brute Force: Password Spraying¶

Variation 1¶

This module uses the LogonUser Win32 API to test a single password across random users obtained via LDAP.

Variation 2¶

This module uses the WNetAddConnection2 Win32 API to test a single password across random users and random hosts obtained via LDAP.

T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting¶

This module uses the KerberosRequestorSecurityToken Class to obtain Kerberos service tickets.

T1003.001 - OS Credential Dumping: LSASS Memory¶

This module uses the GetProcessesByName and MiniDumpWriteDump Win32 API functions to create a memory dump of the lsass.exe process.

Read the Docs v: latest

Versions: latest; stable

Downloads: pdf; html; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.