Credentials Harvesting

Welcome to Credentials Harvesting

This room discusses the fundamental knowledge for red teamers taking advantage of obtained credentials to perform Lateral Movement and access resources within the AD environment. We will be showing how to obtain, reuse, and impersonate user credentials. 

Credential harvesting consists of techniques for obtaining credentials like login information, account names, and passwords. It is a technique of extracting credential information from a system in various locations such as clear-text files, registry, memory dumping, etc. 

As a red teamer, gaining access to legitimate credentials has benefits:

• It can give access to systems (Lateral Movement).
• It makes it harder to detect our actions.
• It provides the opportunity to create and manage accounts to help achieve the end goals of a red team engagement.

Learning Objectives

• Understand the method of extracting credentials from local windows (SAM database)
• Learn how to access Windows memory and dump clear-text passwords and authentication tickets locally and remotely.
• Introduction to Windows Credentials Manager and how to extract credentials.
• Learn methods of extracting credentials for Domain Controller
• Enumerate the Local Administrator Password Solution (LAPS) feature.
• Introduction to AD attacks that lead to obtaining credentials.

Room Prerequisites

We strongly suggest finishing the following Active Directory rooms before diving into this room:

• Jr. Penetration Tester Path
• Active Directory Basics
• Breaching AD
• Enumerating AD
• Lateral Movement and Pivoting