Nikhil Mittal @nikhil_mitt Twitter profile

Pinned Tweet

Nikhil Mittal

1 month

Enrollment is open for October 2024 batches for three of @AlteredSecurity 's popular bootcamps. Learn on-prem and Azure red teaming with us. Join @RedByte1337 and me for these hands-on live classes. #RedTeam #Pentesting #Azure

0

11

15

Last Seen Profiles

@stw_pdg

@BobbyRooneyy

@Mexia_ISD

@MrugbyYoshi

@FindomRose18

@KhoiLe2003

@Brunocomunika

@prosta_ul1k

@CGS_RSA

@MirianMeriQuei

@Mintek_RSA

@saggy1588

@emelinotemily

@Pako13123829591

@SVDrosia

@AugustReavau

@wagner_agronuns

@javeedipsup

@diwilab

@DyllanZrf

@BygB304

@lexxx_20

@ell_shuma

@unosaintt

@naigaiy

@a137r

@AdriannaA79024

@maasmejor_

@franklinveaux

@RobertDePinho81

@erushaVA

@SuellenFor33128

@bokeplokalmalam

@SisekoMkonde

@DogenPunished

@Lamny

Nikhil Mittal

@nikhil_mitt

5 months

🚨 I am giving away 1 seat each of our June Red team (CRTP) and Azure (CARTP) bootcamps. 🚨 Repost, like and reply to this tweet to participate. I will announce the winners on Monday (27th May). #redteam #pentest #giveaway

588

660

889

Nikhil Mittal

@nikhil_mitt

4 years

Got clear-text password of a user but #Azure AD enforces 2FA? Try changing the User-Agent string. The 'platform' in Conditional Access policies is determined by User-Agent string of the browser. #RedTeam

14

341

873

Nikhil Mittal

@nikhil_mitt

3 years

Never tried this before! 200 RTs and I will do an 'Introduction to Azure Penetration Testing' class for FREE sometime during the Holiday season. #Azure #Pentesting #redteam

28

455

635

Nikhil Mittal

@nikhil_mitt

6 years

Have you checked your PSReadline history lately? Do you know it stores the commands in clear-text and is persistent across reboots? This is on a Domain Controller. #PowerShell #RedTeam

19

297

638

Nikhil Mittal

@nikhil_mitt

8 months

I am giving away 1 seat each for our upcoming bootcamps. Azure Cloud Attacks (CARTP) - 3rd Feb (9:00 AM ET) Active Directory Attacks (CRTP) - 4th Feb (9:00 AM ET) Please Reply, Like and Repost to participate. The winners will be announced on Friday 2nd Feb 2024.

339

376

554

Nikhil Mittal

@nikhil_mitt

7 days

September giveaway! I am giving away 1 seat each for @AlteredSecurity on-demand CRTP and AD CS courses. Please Reply, Repost and Like this post to participate. I will announce 1 random winner for each on 30th September. Make sure to reply with which one

Certifications | Altered Security

Red Team Lab, Active Directory Lab, Red Team Trainings, Azure Pentesting, Azure Security, Azure Red Team Lab, Enterprise Security and Red Team Certifications (CRTP, CRTE, CRTM, CARTP and more)

www.alteredsecurity.com

409

396

584

Nikhil Mittal

@nikhil_mitt

3 years

We always wanted a reference for Windows Logon types and credentials that can be extracted for each one. So @chiragsavla94 wrote one! #RedTeam #ActiveDirectory #Windows

Fantastic Windows Logon types and Where to Find Credentials in Them

Hello All,In this blog post we will explore and learn about various Windows Logon Types and understand how are these logon type events are generated. We will also see if we can extract credentials...

www.alteredsecurity.com

5

193

443

Nikhil Mittal

@nikhil_mitt

1 year

I am giving away 2 seats of our #CRTP course with one month lab access () Retweet this tweet and reply with why would you like the course. We will choose 2 random winners on 1st June 2023. #infosec #AlteredSecurity

254

310

382

Nikhil Mittal

@nikhil_mitt

10 months

[Announcement] Super excited to announce "Red Labs and Challenges Platform (beta)" - We begin with: - FREE 100 individual labs for Azure Red Teaming - Dedicated lab for everyone - 17 badges to earn from - 11 learning paths Have fun and leave feedback!

14

105

378

Nikhil Mittal

@nikhil_mitt

3 years

If you steal my Azure course and put it up on @udemy . At least make the effort of changing the description!

14

15

304

Nikhil Mittal

@nikhil_mitt

7 years

Neat! DNSAdmin to DC compromise. Are you auditing ACL in your Domain? #ActiveDirectory

Feature, not bug: DNSAdmin to DC compromise in one line

Background

medium.com

4

209

274

Nikhil Mittal

@nikhil_mitt

6 years

[Blog] Silently turn off Active Directory Auditing using DCShadow. #Mimikatz #RedTeam #ActiveDirectory

3

157

277

Nikhil Mittal

@nikhil_mitt

1 year

Super glad to announce our new course and lab - AD CS Attacks for Red and Blue Teams. Learn and practice AD CS attacks in an enterprise-like lab environment. Includes an 11+ hours of video course! We worked really hard on this and excited to bring it to you. As always, we have

10

66

258

Nikhil Mittal

@nikhil_mitt

7 years

tldr2; Use a non-existent user for creating Golden Ticket and it doesn't get detected even if NTLM hash is used ;) #MicrosoftATA #RedTeam

3

173

253

Nikhil Mittal

@nikhil_mitt

3 years

ICYMI, there is a free course and lab - Introduction to Azure Penetration Testing - available at #Azure #Pentest #redteam

0

87

242

Nikhil Mittal

@nikhil_mitt

4 years

Announcing 'Attacking Active Directory with Linux' lab. Dedicated lab for each student, Windows Server 2019 targets, victim view and 6+ hours of video content. cc @SecurityTube #LinuxAD

4

54

229

Nikhil Mittal

@nikhil_mitt

11 months

Announcing "An Introduction to Azure Red Teaming" - A FREE live class with hands-on lab. Starts 16th December 2023 - 9:00 AM EST. We will run the class using our upcoming Red Team Labs Platform. Register here - Please share with friends, colleagues and

3

75

228

Nikhil Mittal

@nikhil_mitt

11 months

You asked, we listened. We are introducing MDE and its bypasses in our upcoming Active Directory Attacks (CRTP) bootcamp. One of the most requested updates. Still beta/experimental!

5

42

222

Nikhil Mittal

@nikhil_mitt

6 years

Landed on a box using Windows Firewall? Use this #PowerShell cmd to enumerate IPs explicitly allowed Get-NetFirewallRule -Action Allow | Get-NetFirewallAddressFilter | ?{$_.RemoteAddress -ne "any" -and $_.RemoteAddress -ne "LocalSubnet" -and $_.RemoteAddress -ne "LocalSubnet6"}

0

104

225

Nikhil Mittal

@nikhil_mitt

2 years

ICYMI, our free course and hands-on lab 'Introduction to Azure Penetration Testing' is available at We already have more than 5500 (you read that right) students who took the course and attempted the labs! #Azure #Pentesting #RedTeam

3

81

224

Nikhil Mittal

@nikhil_mitt

10 months

Announcing enrollment for our Red Team Labs and Challenges (beta) and a FREE live class on "An Introduction to Azure Red Teaming" (cc @AlteredSecurity ) #Azure #RedTeam #Pentesting

8

59

219

Nikhil Mittal

@nikhil_mitt

5 years

Fellow hackers, you asked, we listened! Coming soon a lab to practice Active Directory attacks from Linux. Latest servers, interesting flags, dedicated lab for everyone, video walk-through and browser based access. cc @SecurityTube #LinuxAD

10

38

209

Nikhil Mittal

@nikhil_mitt

4 years

If you use an app's secret with PSCredential object and connect to #AzureAD using Az module, there are three reboot persistent locations where the secret is stored in clear-text 1. .Azure\AzureRmContext.json in current user profile 2. PowerShell Console History 3. Transcripts

2

68

200

Nikhil Mittal

@nikhil_mitt

3 years

"I'm starting my first job in Offensive CyberSec ever, in July, at the age of 50. Nothing is impossible " What an inspiring effort! 😍 Glad that I am able to contribute a little to student success! I am going to smile all day and night ☺️

10

16

193

Nikhil Mittal

@nikhil_mitt

2 years

[Announcement] Super glad to announce availability of Red Team labs on Also excited to launch the on-demand course for Attacking and Defending Azure - Also check out our bootcamps that start in March'23 -

10

34

185

Nikhil Mittal

@nikhil_mitt

7 years

Sweet! Domain persistence using #DCShadow without DA - minimal permissions required. Blog post soon. #ActiveDirectory #RedTeam

0

72

181

Nikhil Mittal

@nikhil_mitt

1 year

August giveaway! We are giving away one seat each for @AlteredSecurity September'23 bootcamps! Reply and Retweet to enter. Winners will be announced on 23rd August. Attacking and Defending Azure - Beginner's Edition (CARTP) - Attacking and Defending

173

201

170

Nikhil Mittal

@nikhil_mitt

4 months

"When the hunter becomes the hunted: Using custom callbacks to disable EDRs" A fantastic blog post by @d1rkmtr that is full of knowledge and a teaser! #Redteam #Pentesting #EDR

When the hunter becomes the hunted: Using custom callbacks to disable EDRs

IntroIn the ever-evolving landscape of cybersecurity, the race between attackers and defenders is relentless. Security mechanisms, particularly those at the kernel level, are designed to provide...

www.alteredsecurity.com

1

47

179

Nikhil Mittal

@nikhil_mitt

6 years

Do you know you can test your payloads as if they are downloaded (for Protected View), use: Set-Content C:\payloads\payload.xls -Stream "Zone.Identifier" -Value "[ZoneTransfer]`nZoneId=4 #PowerShell

3

62

177

Nikhil Mittal

@nikhil_mitt

3 years

Wrapped up the Introduction to Azure Pentesting class! This was super fun and I had a great time teaching. Access the course video and the lab here -

Nikhil Mittal

@nikhil_mitt

3 years

Never tried this before! 200 RTs and I will do an 'Introduction to Azure Penetration Testing' class for FREE sometime during the Holiday season. #Azure #Pentesting #redteam

28

455

635

6

48

172

Nikhil Mittal

@nikhil_mitt

4 years

#BlueTeam Tip - Don't use high privilege accounts (like DAs) to run services. Protections like Credential Guard, Protected Users group etc. cannot protect service accounts as their passwords are stored in registry. #ActiveDirectory

5

40

165

Nikhil Mittal

@nikhil_mitt

3 years

This research and blog post is amazing! I will need to read multiple times to fully understand 🔥

Resource Hub - SecureAuth

Explore SecureAuth's resources to learn more about better workforce and customer identity and access management.

www.secureauth.com

2

53

171

Nikhil Mittal

@nikhil_mitt

6 years

My Active Directory Deception PowerShell scripts are finally taking shape. A lot of work still needs to be done. Exciting stuff! #Deception #ActiveDirectory

7

56

166

Nikhil Mittal

@nikhil_mitt

7 years

tldr; Use AES keys instead of NTLM hash for Overpass-the-hash and Golden ticket. ATA will not bother you :)

3

123

159

Nikhil Mittal

@nikhil_mitt

1 year

We are hiring top Security Researchers! Join us as a Security Researcher to work on exciting and cutting edge research on Red Team, Azure Security, EDR bypass and more! #infosecjobs #redteam #Azure

2,000+ Security Researcher jobs in India (250 new)

Today’s top 2,000+ Security Researcher jobs in India. Leverage your professional network, and get hired. New Security Researcher jobs added daily.

in.linkedin.com

3

49

160

Nikhil Mittal

@nikhil_mitt

7 years

[Blog] Abusing DNSAdmins privilege for escalation in Active Directory. #RedTeam #ActiveDirectory

3

121

157

Nikhil Mittal

@nikhil_mitt

6 months

Awesome! Three of our certifications CRTP, CRTE and CRTM feature in the list by Japanese Ministry of Economy, Trade and Industry as 'Satisfies the expertise required to provide penetration testing services.' 😍

9

18

155

Nikhil Mittal

@nikhil_mitt

3 years

A fresh Linux VM on Azure still gets vulnerable OMI agent🤦 #OMIGOD

Nikhil Mittal

@nikhil_mitt

3 years

Unauthenticated RCE as root on multiple Azure Services (Automation, Log Analytics etc.)! 🤯

0

12

42

5

43

149

Nikhil Mittal

@nikhil_mitt

5 years

One of the many interesting #Exchange attacks. By default, the Exchange Server is, in effect, a domain admin! (or even an Enterprise Admin depending on the target installation) #RedTeam

5

57

147

Nikhil Mittal

@nikhil_mitt

6 years

[Blog] DCShadow - Minimal permissions, Active Directory Deception, Shadowception and more. #ActiveDirectory #RedTeam #BlueTeam

1

107

147

Nikhil Mittal

@nikhil_mitt

2 years

Also, I gave a talk '0wn Premises: Bypassing Microsoft Defender for Identity'. It focused on practical opsec when attacking an AD environment that has MDI! You can find the slides here - and the video is here -

06 - BruCON 0x0E - 0wn-premises: Bypassing Microsoft Defender for...

Microsoft Defender for Identity (MDI) is a service that protects on-premises Active Directory identities. MDI analyses network traffic, Windows events, SIEM/...

www.youtube.com

1

62

146

Nikhil Mittal

@nikhil_mitt

6 years

MS ActiveDirectory module can now be loaded without touching disk, Thanks to a PR from @D1iv3 #RedTeam #ActiveDirectory

0

65

140

Nikhil Mittal

@nikhil_mitt

7 years

TIL #PowerShell one-liner to get a list of SQL Servers in a network. #RedTeam [.Sql.SqlDataSourceEnumerator]::Instance.GetDataSources()

3

73

138

Nikhil Mittal

@nikhil_mitt

7 years

[Blog] Week of Evading Microsoft ATA - Day 2 - OverPTH and golden ticket #MicrosoftATA #RedTeam #ActiveDirectory

1

122

131

Nikhil Mittal

@nikhil_mitt

4 years

The recording of our workshop 'Hacking Active Directory' with @Cisco is out now.

Cisco and Pentester Academy Attacking Active Directory Class with...

Cisco and Pentester Academy hosted a virtual class on understanding various methods [hacks, tips, and tricks] on attacking Active Directory with the legendar...

www.youtube.com

2

40

130

Nikhil Mittal

@nikhil_mitt

5 years

Fantastic review of our Active Directory Attack-Defense course, lab and exam! #CRTP #ActiveDirectory #RedTeam cc @SecurityTube

0

36

127

Nikhil Mittal

@nikhil_mitt

4 years

Super excited for this! Announcing the 'Attacking and Defending Azure AD Bootcamp'. Learn & practice attacks (and defense) against multiple live Azure tenants and hybrid infrastructure. Four weekend sessions. Starts from 10th April 2021 (10 PM ET) #AzureAD

4

40

125

Nikhil Mittal

@nikhil_mitt

1 year

Offensive PowerShell is (of course) not dead! "In half of the investigations conducted by Mandiant in 2022, adversaries leveraged a command or scripting interpreter to further intrusions with 65% of those cases involving the use of PowerShell" - M-Trends

7

30

124

Nikhil Mittal

@nikhil_mitt

3 months

Help me spread word about #HackerSummer 🌞. Use HACKERSUMMER20OFF to get 20% off on any of @AlteredSecurity on-demand courses. Repost, Like and Comment on this post to get a chance to win a CRTP voucher. I will announce 2 winners on Sunday 7th July.

71

82

125

Nikhil Mittal

@nikhil_mitt

2 years

Our Attacking and Defending Azure class now has on-demand version! Massive lab in a live Azure environment, 15+ hours of videos and CARTP certificate to test the skills that you learned! #Azure #redteam #Pentesting

1

35

122

Nikhil Mittal

@nikhil_mitt

4 months

"Breaking through Defender's Gates - Disabling Tamper Protection and other Defender components". Awesome blog post by @al3x_m3rcer

Breaking through Defender's Gates - Disabling Tamper Protection and other Defender components

SummaryWith the introduction of Tamper Protection, it has now become harder to disable Defender settings as an adversary. This is due to the fact that Tamper Protection and other Defender registry...

www.alteredsecurity.com

1

51

123

Nikhil Mittal

@nikhil_mitt

2 years

If you copy my Azure course slides in a "cheatsheet", at least make the effort to scrub off domain names, object IDs and correct the typos 😒

8

3

119

Nikhil Mittal

@nikhil_mitt

6 years

Glad to announce "Attacking and Defending Active Directory". Beginner friendly online course, lab and hands-on certification :) #ActiveDirectory #RedTeam

4

44

117

Nikhil Mittal

@nikhil_mitt

6 years

You asked, we did! After months of hard work, super glad to finish Attacking and Defending Active Directory :D A video course and live lab at PentesterAcademy @SecurityTube Registrations open soon!

12

33

115

Nikhil Mittal

@nikhil_mitt

3 years

Now that Microsoft has started updating existing Linux VMs on #Azure , we have released a cute little PoC for #OMIGOD . Enjoy!

GitHub - AlteredSecurity/CVE-2021-38647: CVE-2021-38647 - POC to exploit unauthenticated RCE #OMIGOD

CVE-2021-38647 - POC to exploit unauthenticated RCE #OMIGOD - AlteredSecurity/CVE-2021-38647

github.com

1

29

113

Nikhil Mittal

@nikhil_mitt

9 years

Woohoo! Got #PowerShell ICMP reverse shell working. Can't wait to release it. http://t.co/d5wHT9DimL

5

102

110

Nikhil Mittal

@nikhil_mitt

4 years

Remember to make basic changes to bypass some lame signature based detection. Using smbexec? Modifying the name of the service and batch file may help in generating less noise. #LinuxAD

0

53

113

Nikhil Mittal

@nikhil_mitt

3 years

I just did a little victory dance! Got this message in one of the CRTP bootcamp Discord servers. Nothing makes me happier than student success :D

5

1

112

Nikhil Mittal

@nikhil_mitt

4 years

Someone stole our Attacking and Defending Active Directory course and brazenly teaching it in Egypt. Didn't even remove name of PentesterAcademy and #CRTP . This will not end good for them.

10

22

108

Nikhil Mittal

@nikhil_mitt

5 years

[Blog] RACE - Minimal Rights and ACE for Active Directory Dominance #ActiveDirectory #RedTeam #DEFCON27 #RACEToolkit

2

69

108

Nikhil Mittal

@nikhil_mitt

7 years

[Blog] Week of Evading Microsoft ATA - Announcement and Day 1 #MicrosoftATA #RedTeam #ActiveDirectory

0

93

106

Nikhil Mittal

@nikhil_mitt

6 years

Do you know it is possible to use the MS #PowerShell ActiveDirectory module without RSAT and admin privileges? #RedTeam #ActiveDirectory

7

68

106

Nikhil Mittal

@nikhil_mitt

3 years

[Blog] Introduction to 365-Stealer - Understanding and Executing the Illicit Consent Grant attack #Azure #RedTeam

Introduction To 365-Stealer - Understanding and Executing the Illicit Consent Grant Attack

365-Stealer is phishing tool written in python3 which abuses App registrations to perform illicit consent grant attack.

www.alteredsecurity.com

1

54

106

Nikhil Mittal

@nikhil_mitt

7 years

Slides for my talk "PowerShell for Practical Purple Teaming" at @x33fcon . Blog post soon. #PowerShell #PurpleTeam

PowerShell for Practical Purple Teaming

PowerShell for Practical Purple Teaming - Download as a PDF or view online for free

www.slideshare.net

0

80

103

Nikhil Mittal

@nikhil_mitt

8 months

[Announcement] Super excited to announce the Azure Cloud Attacks - Advanced Edition course and lab. Sharpen your Azure red team skills and earn the Certified Azure Red Team Expert (CARTE) certification. Bootcamp starts on 9th March 2024 at 9:30 AM ET.

0

23

104

Nikhil Mittal

@nikhil_mitt

3 years

Google just shared a very good phishing template! Imagine the number of Workspace Administrators who would now be conditioned to click on 'Go to Alert Center' 😈

4

33

103

Nikhil Mittal

@nikhil_mitt

6 years

You asked, we listened! The Red Team Lab now comes with a video course :) cc @SecurityTube #RedTeam #ActiveDirectory #Windows

5

35

103

Nikhil Mittal

@nikhil_mitt

3 years

Introduction to Azure Penetration Testing! December 18th - 10 AM to 1 PM ET (UTC - 5)! Please go to and Sign-in with a Google account to register. Open for 500 users! Keep an eye on our newly launched Discord server too -

Join the Enterprise Security (By Altered Security) Discord Server!

Check out the Enterprise Security (By Altered Security) community on Discord - hang out with 7847 other members and enjoy free voice and text chat.

discord.com

6

37

100

Nikhil Mittal

@nikhil_mitt

1 year

Super excited to announce this. Coming soon - A Fun, Exciting and FREE resource to Learn and Practice Red Teaming, Azure and Enterprise Security! Fill this form to share your email with us and we will contact you soon! - Watch this space and

5

20

99

Nikhil Mittal

@nikhil_mitt

7 years

[Blog] A critique of logging capabilities in #PowerShell v6.

2

59

95

Nikhil Mittal

@nikhil_mitt

10 months

ICYMI, we ( @AlteredSecurity ) are running a FREE class with hands-on lab - "An Introduction to Azure Red Teaming" on 16th December 2023 (9:00 AM EST). Register here - #Azure #RedTeam #Pentesting

1

24

92

Nikhil Mittal

@nikhil_mitt

5 months

We are hiring Security Researchers (Remote). Be a part of the core research team of @AlteredSecurity ! Work on cutting edge technologies with top salary in the industry. Please apply only: - If you can prove your red teaming skills with your blog and GitHub. - If you have

2

20

82

Nikhil Mittal

@nikhil_mitt

5 years

Final stages of testing in progress for our LinuxAD lab. Not committing dates but should be released very soon :P

7

15

94

Nikhil Mittal

@nikhil_mitt

7 years

Slides of my talk on #ATA at #BHUSA today. Blog posts soon :)

Evading Microsoft ATA for Active Directory Domination

Evading Microsoft ATA for Active Directory Domination - Download as a PDF or view online for free

www.slideshare.net

6

66

92

Nikhil Mittal

@nikhil_mitt

7 years

Out-Excel can now use the well known DDE technique. #Nishang #PowerShell

4

66

91

Nikhil Mittal

@nikhil_mitt

3 years

If you have Microsoft.Compute/virtualMachines/runCommand/action permissions on an Azure VM, use the 'Run Commands' API or Invoke-AzVMRunCommand to run a PowerShell script on the VM. No network restriction (including JIT Access or ANH) blocks this! #Azure #RedTeam

1

26

91

Nikhil Mittal

@nikhil_mitt

8 years

WMI blocked on host firewall? You can still use CIM cmdlets even if the target system has PSv2. #PowerShell #WMI

2

62

90

Nikhil Mittal

@nikhil_mitt

8 years

[Blog] Using SQL Server for attacking a Forest Trust. #ActiveDirectory #RedTeam #PowerShell

2

75

88

Nikhil Mittal

@nikhil_mitt

4 years

What makes me happy? This! #CRTP #CRTE

2

8

87

Nikhil Mittal

@nikhil_mitt

5 years

[Blog] How NOT to use the PAM trust - Leveraging Shadow Principals for Cross Forest Attacks. #RedTeam #ActiveDirectory

4

40

90

Nikhil Mittal

@nikhil_mitt

3 years

Do you have any tool/blog/technique that you would like to share? Leave a reply! #AmplifyFriday

27

28

87

Nikhil Mittal

@nikhil_mitt

5 years

We launched free CTFs today at . Please utilize it to the fullest. Make most of your free time and force us to add more free content to it :)

Pentester Academy

@SecurityTube

5 years

Many of you've requested us to run FREE Public CTFs - we are finally launching our early Beta: ! We will be adding new features and content on it weekly. Enjoy!

2

68

176

1

27

86

Nikhil Mittal

@nikhil_mitt

6 years

Super excited for this! Months of hard work!

Pentester Academy

@SecurityTube

6 years

Big Launch this week! Windows Red Team Lab with @nikhil_mitt Stay Tuned! This lab has some INSANE LEVEL challenges!

10

32

109

4

28

85

Nikhil Mittal

@nikhil_mitt

4 years

Make sure that your #Sysmon (event ID 3) logs catch network connections initiated from PSRemoting. For example, a PowerShell download-execute cradle log will have an Image that points to wsmprovhost.exe (not powershell.exe) #BlueTeam

1

30

84

Nikhil Mittal

@nikhil_mitt

2 years

Someone ( @BlWasp_ ) has been busy copying my course slides and presenting them as 'cheatsheets'. When I pointed out that the 'cheatsheet' is verbatim copy of my courses, this person brought a team of idiots to troll me. Note that even the typo 'syadmin' is same!

18

15

82

Nikhil Mittal

@nikhil_mitt

4 years

You asked, we listened! Announcing the 'Attacking and Defending Active Directory - Advanced Edition Bootcamp'. It includes an all new lab and a #CRTE attempt. Starts 10th Jan 2021 - 1:00 PM ET #ActiveDirectory #RedTeam

1

21

78

Nikhil Mittal

@nikhil_mitt

5 years

Super stoked to announce that I will speak at #DEFCON 27 main stage on 'RACE - Minimal Rights and ACE for Active Directory Dominance' :D

11

8

75

Nikhil Mittal

@nikhil_mitt

4 years

Check if deployment in any #Azure resource group has a parameter with term like 'password' and show the value. Reader access required for the resource group. #RedTeam (Get-AzResourceGroup | Get-AzResourceGroupDeployment).Parameters | %{$_.[string]($_.Keys -like "*password*")}

2

19

76

Nikhil Mittal

@nikhil_mitt

6 years

@cyb3rops By default, in the user profile:\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt

1

14

77

Nikhil Mittal

@nikhil_mitt

7 years

[Blog] Week of Evading Microsoft ATA - Day 3 - Constrained Delegation, Attacks across trusts, DCSync and DNSAdmins

3

65

75

Nikhil Mittal

@nikhil_mitt

2 years

We are running a NEW bootcamp "Azure Application Security: Beginner's Edition' in July 2022! Packed with abuses for Graph API, Enterprise Apps, AppService, Function Apps, Cosmos DB, API Security, WAF and more! #Azure #AppSec

6

22

74

Nikhil Mittal

@nikhil_mitt

2 years

TIL that it is possible to exclude Account Operators, Server Operators, Print Operators and Backup Operators from SDProp/AdminSDHolder! #ActiveDirectory #RedTeam

Active Directory Security: Understanding the AdminSDHolder Object - Petri IT Knowledgebase

In this Ask the Admin, Russell Smith explains how this mechanism works and how you can change the way that it works.

petri.com

2

25

75

Nikhil Mittal

@nikhil_mitt

5 years

Doesn't get detected by latest ATA (version 1.9.7478.57683)

🥝🏳️‍🌈 Benjamin Delpy

@gentilkiwi

5 years

- have NTLM hash of a DC ? - need computer/server/dc NTLM/RC4 key ? - ...but affraid to make silver ticket and/or DCSync (detection) ? Use NT 3.5 protocol against a 2019 DC, because, yes: LEGACY 🤷‍♂️ (so old, but so good: )

8

258

571

0

29

72

Nikhil Mittal

@nikhil_mitt

2 years

[Blog] My non-tech post on "Our vision for Red Team Labs, Platform and Certifications (CRTP, CRTE, CARTP and more)" #AlteredSecurity

Our vision for Red Team Labs, Platform and Certifications (CRTP, CRTE, CARTP and more)

Back in 2012, I started teaching about Red Team, Penetration Testing, Active Directory Security and Offensive PowerShell. I did a couple of workshops at BlackHat plus some private classes and quickly...

www.alteredsecurity.com

4

27

71

Nikhil Mittal

@nikhil_mitt

11 months

We are working hard to bring to you a fantastic FREE resource to learn Azure Red Teaming, Enterprise Security and on-prem Red Teaming. Fill this form to share your email with us and we will contact you soon! - Watch this space and @alteredsecurity

2

12

72

Nikhil Mittal

@nikhil_mitt

4 years

Awesome! Our #CRTE () & #PACES () certifications are listed in job listing for '.. Attack Simulation Specialist, Technology & Operations' by DBS Bank Singapore. #PentesterAcademy cc @SecurityTube @vivekramac

2

11

72

Nikhil Mittal

@nikhil_mitt

1 year

Four of @AlteredSecurity classes are featured in this fantastic review of Red Team training by @NVISO_Labs #redteam #Pentesting #enterprisesecurity

Unlocking the power of Red Teaming: An overview of trainings and certifications

NVISO enjoys an excellent working relationship with SANS and has been involved as Instructors and Course Authors for a variety of their courses: For SEC511, Continuous Monitoring and Security Opera…

blog.nviso.eu

2

23

70

Nikhil Mittal

@nikhil_mitt

1 year

Giveaway time! I have 1 online ticket to giveaway for @ArabConf . Please Retweet and Reply to participate. I will announce winners tomorrow. Also, we ( @AlteredSecurity ) are glad to sponsor our labs as prizes for @ascyberwargames

26

44

60

Nikhil Mittal

@nikhil_mitt

7 years

I will speak at @BlackHatEvents #BHUSA on "Evading Microsoft ATA for Active Directory Domination". So excited! :)

9

25

70

Nikhil Mittal

@nikhil_mitt

4 years

Enterprise Admin evidence + student love from @k3nundrum . Made my day :D cc @SecurityTube @vivekramac

2

11

66