Windows environment privsec - Steps to remember
Posted Jan 22, 2025 09:52 AM
As far as I'm learning I try to write down what and where to focus on, so here is a basic check list I have noted down so far to start with Windows 10 20h2 to 21h2 privsec steps. As always, if im missing steps or info, let me know, so I can learn from you.System Info let's see how much info we can get in the system.
- Obtain System information
- Use Metasploit to search to check for exploits
- Browser cookies or harvest credentials via ProcDump.exe
- Drives - RW or R only
- Check Recycle Bin for any interesting files
Logging enumeration (also worth checking our event viewer maybe?)
- Check for LAPS
- LSA or DMA Protection
- Credentials Guard
- Cached Credentials
- Check if any AV
- Any anti-virus on the machine
- UAC
- User Privileges
- Any active Sessions?
Networking Sure im missing a few things here...
- Check current network information
- Check for wifi passwords
- Enumerate the network for shares
DLL Hijacking -
- Can you write in any folder inside PATH?
- Is there any known service binary that tries to load any non-existant DLL?
- Can you write in any binaries folder?
Windows Credentials
- Windows Vault credentials that you could use
- Interesting info in saved RDP Connections
- Passwords in registry
- Remote Desktop Credentials Manager passwords
- SSH keys in registry
- Passwords in unattended files
By following the steps, you can maximize the information obtained from a single machine. Understanding these details, you can identify potential vulnerabilities and develop strategies to protect against attacks.
Having the steps laid out about systems and networks allows you to better optimize you attack or protection. It also helps in pinpointing weak spots and reducing the chances of detection.
Final notes -
Additionally, always ensure to document your findings meticulously. This not only helps in tracking progress but also in creating a reference for future assessments. Regularly update your checklist as new techniques and tools come out.
