Author Archives: Cornelis de Plaa

Red Team Tactics: Active Directory Recon using ADSI and Reflective DLLs

In this blog post we will explain how you can enumerate Active Directory from Cobalt Strike using the Active Directory Service Interfaces (ADSI) in combination with C/C++. This may help staying under the radar in environments where PowerShell and .NET are heavily monitored. Imagine you are in a TIBER, CBEST or other long-term red team […]