Hacks Weekly #1: Group Managed Service Accounts (gMSA) vs. Service Accounts and how to use them.

Рет қаралды 37,544

CQURE Academy

Күн бұрын

Пікірлер: 32

@vsy7888 2 жыл бұрын

very good tutorial - thank you for sharing!

@mohamedwahieb474 Жыл бұрын

Thanks for informative video

@sunilchauhan9794 6 жыл бұрын

As always, Very Informative! Thanks, Paula!

@dieglhix 4 жыл бұрын

I didn't know this feature exist and I always wondered about Srv Accounts vulnerabilities but never investigated further. Thanks!

@CQUREAcademy 4 жыл бұрын

We're happy to help! :)

@zs2959 3 жыл бұрын

Hi, when you first run regedit, security hive was not expandable so you did not see the secrets but after the gsma, hive was changed. I was missing something ? thank you

@fmkabuvideos 6 жыл бұрын

Interesting, I look forward to learning more.

@MOFITECH 5 ай бұрын

Good article Paula! Where can we find the CQ Secrets Dumper? The link doesn't point to a downloadable file. Thanks.

@CQUREAcademy 5 ай бұрын

Hi, thank you for your kind words! We're glad you enjoyed the article. 🦝 You can find the CQ Secrets Dumper on our website: cqureacademy.com/blog/cqsecretsdumper/. In case of any questions let us know!

@AbreTuMente 2 жыл бұрын

Great video!!! thank you so much!!!

@CQUREAcademy 2 жыл бұрын

Thank you!

@3r1ck87 5 жыл бұрын

Thanks, excellent video.

@yanivshalomhelp3579 2 жыл бұрын

Love U. Thanks

@mohammedmustaqueem8362 5 жыл бұрын

Thanks!

@DannyNilsson 2 жыл бұрын

When trying to dump LSAA og access the data, windows defender will trigger alerts.

@jarves1231 3 жыл бұрын

The KDS root key is not replicated to other domain controlles?

@InayetHadi 6 жыл бұрын

When a Powershell script needs admin rights to run how would you designate the service account in the powershell script that requires admin privilage?

@EugenNiedaszkowski 8 жыл бұрын

Wow! That was neat! Paula, may I ask you to tell more about SPNs in your next video?

@osmaster3327 7 жыл бұрын

Great. Thank a lot

@蒋委员长-b7o 4 жыл бұрын

内容很棒，相见恨晚

@chrisgaming5306 5 жыл бұрын

OMG, TY TY TY TY. Life saver.

@atifhameed393 2 ай бұрын

How many virtual machines do i need to perform this lab

@michalb1389 4 жыл бұрын

super Paula

@CQUREAcademy 4 жыл бұрын

Thank you!

@pdc0302 3 жыл бұрын

Thanks Paula! How do you define multiple server on the "New-ADServiceAccount -PrincipalsAllowToRetrieveManagedPassword" statement? do you use comma or semicolons?

@CQUREAcademy 3 жыл бұрын

That's such a great question! The parameter is an array, you can use comma separated values: Set-ADServiceAccount [-Identity] ITFarm1 -PrincipalsAllowedToRetrieveManagedPassword Host1$,Host3$ but best practice is to use group membership Set-ADServiceAccount [-Identity] ITFarm1 -PrincipalsAllowedToRetrieveManagedPassword AD_Group_Name

@pdc0302 3 жыл бұрын

@@CQUREAcademy Thank you!

@tamilankalaigal2 11 ай бұрын

@@CQUREAcademy wat is [-Identity] ITFarm1

@rahulpradhan2568 3 жыл бұрын

Hey Paula - All the tools on your sites are being flagged as virus/Malware etc by antivirus .

@CQUREAcademy 3 жыл бұрын

A lot of our tools publicly available are flagged as malicious by AV engines. It is nothing to worry about, but anyway it is always advisable to run such tools, demo executables or scripts in an isolated test virtual machine. Our things are frequently flagged as malicious, because in our tools while playing with Windows security, we are sometimes performing operations similar to malware. Therefore behaviour pattern of such executables often looks very similar to malware. If you would like to complete the assessment, please whitelist some folder within your virtual machine or completely disable the anti-virus. Also, be sure NOT to use WinZip for our extracting files.

@rahulpradhan2568 3 жыл бұрын

@@CQUREAcademy Thanks for the info. Testing it in my lab environment. Appreciate your quick response !!