One of the TCM Discord community members, SecHamza, created a TryHackMe room, so I gave it a spin and wanted to post my write-up about it. Here's my take.
Becoming a domain controller to retrieve credentials through DCSync simply by abusing DS-Install-Replica permissions and leveraging Machine Account Quota. I am the DC now!
Let's face it, not many of us enjoy writing a penetration testing report. If you're one of those rare people who do, kudos to you. For the rest of us, however, we can make the process a bit less daunting. But how?
I'll go through how I would configure a brand-new Windows Server 2022 virtual machine, walk through the entire creation process, and then turn it into a template so it can be quickly deployed at a later time.