Had fun sharing my updated insights & tools for #HAcktiveDirectory #Forensics at @TheHackSummit today! Session slides and all scripts demonstrated are UP on GitHub --> https://github.com/YossiSassi/The_Hack_Summit_2025_The-hAcktive-Directory-Toolkit-domain-wide-forensics #DFIR
GitHub - YossiSassi/The_Hack_Summit_2025_The-hAcktive-Directory-Toolkit-domain-wide-forensics: Slides & tools demonstrated from my talk @ 'The Hack Summit' 2025 - The 'Hacktive' Directory toolkit: domain-wide forensics for exploitation/persistence indicators
New script is up: Get-KerberosServiceTicketAudit - Assess Kerberos Cipher and Hash usage in Active Directory environments (e.g. Weak/Deprecated encryption types, or Quantum-resilient candidates)
https://github.com/YossiSassi/Get-KerberosServiceTicketAudit
#HAcktiveDirectory
Had fun coming up with a one-liner to get SID 500 of every domain, even if renamed, without dependencies:
(New-Object System.Security.Principal.SecurityIdentifier("$((New-Object System.Security.Principal.SecurityIdentifier($(([adsi]'').objectSid), 0)).Value)-500")).Translate([System.Security.Principal.NTAccount]).Value
#HacktiveDirectory
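
The one-liner above resolves the RID 500 account of the current domain. As an added example (not the author's code), the same lookup can be run over every domain in the current forest to flag built-in administrator accounts that no longer carry the default name. It assumes a domain-joined Windows host with PowerShell 5 or later; the output property names and the default name `Administrator` (which differs on non-English installations) are assumptions.

```powershell
# Added example, not from the original post.
# Assumes a domain-joined host; uses only .NET classes that ship with Windows.
$defaultName = 'Administrator'   # assumption: English default name of the RID 500 account

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

foreach ($domain in $forest.Domains) {
    $entry = $domain.GetDirectoryEntry()
    try {
        # objectSid on the domain head object is the binary domain SID
        $domainSid = [System.Security.Principal.SecurityIdentifier]::new(
            [byte[]]$entry.objectSid.Value, 0)

        # Well-known RID 500 = built-in administrator of that domain
        $rid500 = [System.Security.Principal.SecurityIdentifier]::new(
            "$($domainSid.Value)-500")

        # Translate the SID to DOMAIN\name; the name reflects any rename
        $account = $rid500.Translate(
            [System.Security.Principal.NTAccount]).Value

        [pscustomobject]@{
            Domain        = $domain.Name
            Sid           = $rid500.Value
            Rid500Account = $account
            Renamed       = ($account.Split('\')[-1] -ne $defaultName)
        }
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # The SID could not be resolved from this host (for example, the domain is unreachable)
        Write-Warning "Could not resolve the RID 500 account for $($domain.Name)"
    }
    finally {
        $entry.Dispose()
    }
}
```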
Update: Get-ADPrincipalKerberosTokenGroup now supports discovery of SidHistory in PAC enumeration. Calculates recursive group membership for any user in the domain -
https://github.com/YossiSassi/Get-ADPrincipalKerberosTokenGroup
#HacktiveDirectory
GitHub - YossiSassi/Get-ADPrincipalKerberosTokenGroup: a powershell implementation of PAC enum (similar to getpac.py). does not require privileges. can enum Effective Token (Kerberos group SIDs) for any user