<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>active-directory on root@j0su</title><link>https://josupalacios99.github.io/blog/en/tags/active-directory/</link><description>Recent content in active-directory on root@j0su</description><generator>Hugo</generator><language>en-US</language><copyright>2026 root@j0su · think like the adversary</copyright><lastBuildDate>Tue, 30 Jun 2026 10:00:00 +0200</lastBuildDate><atom:link href="https://josupalacios99.github.io/blog/en/tags/active-directory/index.xml" rel="self" type="application/rss+xml"/><item><title>ntlmrelayx and ADCS: when the certificate arrives but doesn't work</title><link>https://josupalacios99.github.io/blog/en/posts/adcs-ntlmrelayx-sid-extension/</link><pubDate>Tue, 30 Jun 2026 10:00:00 +0200</pubDate><guid>https://josupalacios99.github.io/blog/en/posts/adcs-ntlmrelayx-sid-extension/</guid><description>ADCS relay with ntlmrelayx generates certificates that certipy v5 rejects with &amp;lsquo;Object SID mismatch&amp;rsquo;. The root cause is KB5014754: modern DCs require the certificate to contain the user&amp;rsquo;s SID in a Microsoft-proprietary extension. ntlmrelayx doesn&amp;rsquo;t include it. Here&amp;rsquo;s why and how to fix it.</description></item><item><title>ADWS: enumerating Active Directory through the back door</title><link>https://josupalacios99.github.io/blog/en/posts/adws-enumeracion-sigilosa-active-directory/</link><pubDate>Thu, 18 Jun 2026 10:00:00 +0200</pubDate><guid>https://josupalacios99.github.io/blog/en/posts/adws-enumeracion-sigilosa-active-directory/</guid><description>Almost all Active Directory enumeration goes through LDAP (389/636), which is precisely the most watched channel in the domain. ADWS is a side door on port 9389 that accepts the same LDAP queries but is barely monitored. How it works under the hood, why its OPSEC is so good, and why it isn&amp;rsquo;t invisible.</description></item><item><title>Veeam Backup: from the organization's safeguard to the attacker's master key</title><link>https://josupalacios99.github.io/blog/en/posts/veeam-backup-llave-maestra/</link><pubDate>Mon, 05 May 2025 09:57:36 +0000</pubDate><guid>https://josupalacios99.github.io/blog/en/posts/veeam-backup-llave-maestra/</guid><description>Veeam Backup: what would happen if this protection solution became the entry point for a malicious actor? Two approaches to dump the SAM and extract DPAPI master keys while evading AV/EDR, using Veeam as a pivot toward critical services.</description></item></channel></rss>