Tool Shed Demo: pre-2k – Garrett Foster

Inspired by initial research by TrustedSec’s Oddvar Moe, pre-2k is an Active Directory auditing tool that identifies the existence of computer accounts configured with pre-Windows 2000 compatibility (default password) or without a password entirely. If an account is discovered, the tester can provide flags to store the account’s corresponding .ccache file to their current working directory. Over the course of the last 10 months this tool has been used to establish internal initial access or lateral movement for multiple coworkers and peers from various consultancies across the industry.

Garrett Foster is a Senior Consultant on the Adversarial Simulation team at SpecterOps with four years of industry experience. His primary roles include execution of adversarial simulation assessments and conducting perimeter and internal network penetration tests.