Showing Posts About

Jon Cave

Enumerating remote access policies through GPO

This article details techniques for enumerating remote access policies in Windows environments through Group Policy Objects. It explores how User Account Control (UAC) and User Rights Assignment (URA) settings impact remote authentication and lateral movement opportunities. PowerView extensions were introduced to help map computer objects with specific remote authentication configurations.

Digging into MS14-068, Exploitation and Defence

MS14-068 is a critical Windows vulnerability in Kerberos authentication that allows any authenticated domain user to forge a Privilege Attribute Certificate (PAC) and escalate privileges to domain administrator. The vulnerability enables an attacker to manipulate PAC signatures and bypass authentication controls on domain controllers running Windows 2008 and earlier. Exploitation requires only a standard domain user account and can be performed using tools like PyKEK and Impacket.