MGR1 represents a worst-case scenario for enterprise security - Domain Admin credentials stored in cleartext in the registry, disabled security controls,
high-risk services exposed without authentication barriers, the works. This lets me start with basic attack methodologies and improve my red team capabilities
as I introduce new detection mechanisms alongside them.
⚔️ Attack Simulations
Registry Credential Extraction
Token Impersonation Attacks
UAC Bypass Techniques
Lateral Movement via RDP
🛡️ Detection & Remediation
Registry Monitoring Queries
Privilege Escalation Detection
Hardening Auto-Logon Systems
RDP Security Best Practices
Critical Findings
🔑 Auto-Logon DA Credentials
marcus_chen (Domain Admin) password stored in cleartext registry via HKLM...Winlogon.
🚫 UAC Disabled
EnableLUA = 0 ensures every process runs with full administrator token silently.
🌐 Unrestricted Remote Access
RDP (3389) and SMB (445) exposed with no network-level controls.
Impact: Lateral Movement
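The three findings above map directly onto a small audit-and-hardening script. The following PowerShell is an added example written for this page from the defender's side; it is not part of the original MGR1 write-up. The function names (Get-AutoLogonFinding, Get-UacFinding, Get-RdpExposureFinding, Get-WinlogonChangeEvent, Invoke-Mgr1Hardening) and the management subnet value are my assumptions; the registry paths are the standard Windows locations for the Winlogon auto-logon values, the UAC EnableLUA policy and the RDP-Tcp listener, which the page only names in short form.

```powershell
# Added audit/hardening example for the MGR1 findings; not part of the original lab write-up.
# Assumptions: run from an elevated PowerShell session on the host being assessed.
# Registry paths are the standard Windows locations; the management subnet is a placeholder.

$WinlogonKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$UacPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$RdpTcpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-AutoLogonFinding {
    # Finding 1: a DefaultPassword value under Winlogon is the account password in cleartext.
    $wl = Get-ItemProperty -Path $WinlogonKey -ErrorAction SilentlyContinue
    $hasPassword = -not [string]::IsNullOrEmpty($wl.DefaultPassword)
    $autoLogonOn = ($wl.AutoAdminLogon -eq '1')
    if ($hasPassword)      { $status = 'CRITICAL'; $detail = "DefaultPassword present for $($wl.DefaultDomainName)\$($wl.DefaultUserName)" }
    elseif ($autoLogonOn)  { $status = 'HIGH';     $detail = 'AutoAdminLogon enabled (password may be held as an LSA secret instead)' }
    else                   { $status = 'OK';       $detail = 'Auto-logon not configured' }
    [pscustomobject]@{ Check = 'Winlogon auto-logon'; Status = $status; Detail = $detail }
}

function Get-UacFinding {
    # Finding 2: EnableLUA = 0 disables UAC, so every admin logon gets a full token with no prompt.
    $p = Get-ItemProperty -Path $UacPolicyKey -ErrorAction SilentlyContinue
    $enableLua = if ($null -eq $p.EnableLUA) { 1 } else { [int]$p.EnableLUA }   # absent value = default (UAC on)
    $status = if ($enableLua -eq 0) { 'CRITICAL' } else { 'OK' }
    [pscustomobject]@{ Check = 'UAC (EnableLUA)'; Status = $status; Detail = "EnableLUA = $enableLua" }
}

function Get-RdpExposureFinding {
    # Finding 3: RDP reachable from any remote address and/or without Network Level Authentication.
    $nla = (Get-ItemProperty -Path $RdpTcpKey -ErrorAction SilentlyContinue).UserAuthentication
    $openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue |
        Get-NetFirewallAddressFilter |
        Where-Object { $_.RemoteAddress -contains 'Any' }
    $openCount = @($openRules).Count
    $status = if (($openCount -gt 0) -or ($nla -ne 1)) { 'HIGH' } else { 'OK' }
    [pscustomobject]@{ Check = 'RDP exposure'; Status = $status; Detail = "NLA=$nla; enabled RDP rules scoped to Any: $openCount" }
}

function Get-WinlogonChangeEvent {
    # Detection: Security event 4657 (registry value modified) filtered to the Winlogon key.
    # Requires a SACL on the key and 'Audit Registry' (Object Access) enabled; otherwise nothing is logged.
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657; StartTime = (Get-Date).AddDays(-$Days) } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Winlogon' } |
        Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

function Invoke-Mgr1Hardening {
    # Remediation for the three findings. Run with -WhatIf first. EnableLUA takes effect after a reboot.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$ManagementSubnet)   # e.g. '10.0.50.0/24' (placeholder value)

    if ($PSCmdlet.ShouldProcess($WinlogonKey, 'Remove cleartext auto-logon password')) {
        Remove-ItemProperty -Path $WinlogonKey -Name DefaultPassword -ErrorAction SilentlyContinue
        Set-ItemProperty -Path $WinlogonKey -Name AutoAdminLogon -Value '0'
    }
    if ($PSCmdlet.ShouldProcess($UacPolicyKey, 'Re-enable UAC (EnableLUA = 1)')) {
        Set-ItemProperty -Path $UacPolicyKey -Name EnableLUA -Value 1 -Type DWord
    }
    if ($PSCmdlet.ShouldProcess('Remote Desktop', "Require NLA and restrict RDP to $($ManagementSubnet -join ', ')")) {
        Set-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -Value 1 -Type DWord
        Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $ManagementSubnet
    }
}

# Usage: audit, review recent Winlogon changes, then preview remediation before applying it.
@(Get-AutoLogonFinding; Get-UacFinding; Get-RdpExposureFinding) | Format-Table -AutoSize
Get-WinlogonChangeEvent -Days 7 | Format-Table -AutoSize
Invoke-Mgr1Hardening -ManagementSubnet '10.0.50.0/24' -WhatIf
```

The audit functions return objects rather than text so they can be fed into a scheduled baseline check or a SIEM collector, and the hardening function is gated behind ShouldProcess so the same script can be reviewed with -WhatIf on a production host before anything is changed. Scoping the Remote Desktop firewall group to a management subnet addresses the "no network-level controls" finding at the host level; SMB on 445 is left to the same firewall treatment rather than being disabled, since domain members still need it for Group Policy and SYSVOL.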