Attacking Active Directory - GPP Credentials

Group Policy Preferences / GPP can be used to set passwords for local accounts in an active directory environment, among other things. These passwords are stored in a way that any user or machine can retrieve them and decrypt them, resulting in privilege escalation or lateral movement for an attacker. This method is extremely useful for pentesting active directory environments and real world pentesting. PowerSploit: https://github.com/PowerShellMafia/Po... Having issues downloading PowerSploit in PowerShell from TLS errors? Try these commands: 1. [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12, [Net.SecurityProtocolType]::Ssl3 2. [Net.ServicePointManager]::SecurityProtocol = "Tls, Tls11, Tls12, Ssl3" Join my new Discord server: discord.gg/9CvTtHqWCX Follow me on Twitter for updates:   / 0xconda   If you found this video helpful and would like to support future creations, please considering visiting the following links: Buy Me a Coffee: https://www.buymeacoffee.com/conda Check out Impacket: https://github.com/SecureAuthCorp/imp... 00:00 What are GPP credentials? 03:48 Lab setup 07:34 Exploiting GPP credentials #Pentesting #ActiveDirectory