#windows privilege escalation | Explore Tumblr posts and blogs

platinumshawnn · 10 months ago

Text

Bound by Fire and Blood | Benjicot Blackwood — pt v

Synopsis: The Brackens retaliate and send their own men to the frontline and into Blackwood territory four days to the wedding, causing some concerns amongst the members of the Blackwood house.

Kermit is summoned into the rooms of Blackwood's councilman as Samwell and Benjicot as they ready their men for the frontlines for another bloody feud. Benjicot impulsively takes things into his own hands and mistakenly escalates things.

masterlist | playlist | backwards | forward

A/N: I wrote a majority of this on my phone at a festival while i was drunk, i am going to be one hundred percent honest, so idk how it turned out and i am sorry but anyways! we are just about half-way! I tried to connect this sort of to the universe of “to strangers” but there is a small mistake in how Rodrik is related to Aeron that I have since fixed

Content Warning(s): MDNI — 18+, adult language, mentions of blood, violence, and war; era related sexism and gender based harassment/discrimination, sexually suggestive content, mild depictions of family based violence, implied suicide ideation.

Word count: 7.1k

Fingers grazed up the spine of the dress — snug around her hips and lower than she was used to as they worked, ensuring the laces were tight enough that the dress’ bodice clung to her body in a way that was flattering enough to accentuate her womanly curves. The white fabric reached the ends of her toes as she stood above them on a pedestal, swallowing her while her hands remained at her waist, too scared to move in fear of tumbling over and crashing into the floor beneath her as the handmaidens tirelessly worked at her feet to pin the fabric and fix the hem — meanwhile, an additional pair of hands were at her shoulders and adjusting the cape of deep red and blue, embellished with gold thread, fixing it over her shoulders.

Serra had never been fond of dress fittings, as it was an experience she found discomforting and overwhelming — with all the hands on her, the whispers as the women poked and prodded at her. Being placed up on a pedestal, put on display, and being made a spectacle of, did not help the matters. It was painfully awkward having so many eyes on her, critiquing how the dresses fit her, and the closer she had come to being of age to marry, she found they worsened — less bearable as the emphasis at one point or another was placed on her bust, mutters about whether the dress was flattering enough. With age, there was more focus on ensuring she appeared more mature than she felt; wifely and alluring enough for a man’s gaze, and unlike most women of her age who had their mother by their side to talk them through the transition from young, girly dresses to womanly dresses that dipped lower, fit tighter, Serra was not fortunate enough to dawn that privilege.

When she first reached ten-and-six, Kermit, who had then been only a year older than her at ten-and-seven, had tried to sit in on the sessions and talk to her to distract her from the process itself at first. He tried to provide her with conversation and company, as it could become long and drawn out, however it only lasted for a short while before she sensed his discomfort — soon enough, he had begun politely excusing himself with some grumble about not wanting to ‘intrude’ and explaining that he did not feel it proper of him as a man to get in the way of a woman’s business — instead, he had his tasks as a man of the house to tend to but promising that he would check in soon. Though, he hardly did.

This particular session was gruelling, though. She felt as though she had been there all day and worried it would never end; drained and ready to retreat to her room for the next two days as her head was nudged forward by gentle fingers that adjusted the neckline there. Her hair was guided over her left shoulder and neatly splayed down her back, her gaze fixed out the window that overlooked the yards as she listened to the distant sounds of Raventree. She could make out the sound of men arriving at the gate, returning with supplies ahead of the wedding, the gates a never-ending revolving door of men coming and going these days; the fingers on her left hand absentmindedly reaching to twist a finger on her right, “You may step down now.” The elderly woman to her right instructed, reaching out a hand to offer to help her in stepping down.

She turned her head, turning her eyes to her hand as she accepted it, and slowly stepped off the stool, her left hand lifting her skirts out of her way. Her steps were slow and tentative, cautious as to not fall face first as she clenched her jaw with anxiety, only relaxing once both feet were steady on the floor, “Your father has requested the neckline not be brought any lower, we have fixed it to be as low as he has approved.” Orpheus, the elderly septa, explained.

She wordlessly listened to her as she adjusted the skirt around her legs, removing a pin that had been forgotten and circling her, “Your father has suggested you wear a piece from your mother’s jewellery for the wedding.” She said from behind her. “He has provided us with two necklaces he would like you to consider—”

“My Lord.”

The words were sudden and sharp in the soft atmosphere, Grace’s voice high-pitched and bordering shrill as she curtsied from her spot near the wall, the fabric in her arms clutched to her chest, her gaze pinned to the floor. The previous hum of mutters ceased, the room falling silent as the other women followed suit in curtsying in the direction of the doorway behind her. She turned, looking over her shoulder first before she turned, the door now open for the young man who stood there; green eyes watching her with a blank expression as if he was trying to figure out a reaction, “Lord Blackwood.” She announced, his eyes shooting to her face at the words. Serra moved to face him, curtsying to him with a flushed appearance.

His head nodded to her, the women in the room remaining silent. Serra watched as his gaze scanned over her dress, skimming her head to toe and taking in her appearance, and suddenly she felt foolish; face hot and embarrassed as she nervously adjusted her skirt with her hands; his gaze lingering at her hips and chest, taking in the very little skin that was exposed, “You look…” he began to say, voice quiet and pausing, searching for the word, “it suits you.”

Her expression appeared perplexed as her head tilted, mouth opening with a question as she caught the small smile on Grace’s face at the interaction when her head turned to look at her briefly, “I mean to say you look nice.” Benjicot quickly added, explaining himself and stepping forward into the room, though he stopped and remained stuck at the edge of the room, his embarrassment clear on his face as his eyebrows furrowed with a worried frown and reddening.

Serra found herself reminded of his youthfulness, boyish as he glanced towards where Alistair found respite in the corner of the room and cleared his throat, the guard looking at him from the corner of his eye. She was again reminded that despite the tough exterior and his imposing presence, he was still a boy in some ways. She smiled, soft and shy, while smoothing her hands over her bodice, “Thank you, Benjicot.” She sweetly said.

His head nodded again, again allowing a silence to fall over the room before he once again spoke, “I do not mean to intrude…” he said, barely in the room as he took two more steps forward and stopped, “I’m just on the way to meet with your father. I just figured I would stop by.” Benjicot explained, his hands clasping around the hilt of his sword, his fingers drumming absentmindedly.

Serra’s shoulders relaxed with a deep exhale, the first time all morning as her hands brushed down the sides of her skirt, “That’s kind of you.”

He released a hum in response, his eyes shifting from her face as though he was avoiding her gaze — and though the dreary weather outside, with its clouds, didn’t do her sight justice, she could make out the flush of colour that reddened his cheeks whilst his mouth pressed in a tight line.

“We were just about to pick out some jewellery— some necklaces my father picked from my late mother’s collection.” She suddenly announced, breaking the silence. “Would you like to help me choose?”

His eyebrows shot up, his gaze coming back up to her face, mouth opening in protest, “Oh, I’m not a man with a taste for such things, I don’t think I would be of any help.” He replied.

“Nonsense. Just pick whichever you think is prettiest,” she insisted, gesturing him to come forward as she turned then to look to Orpheus who stood nearby, “Show Lord Benjicot and I what father has chosen.”

A look crossed Orpheus’ features, mouth pressed into a line and twitching for a moment as she glanced towards Benjicot, who reluctantly approached. He slowed as she turned to retrieve two cases from a girl behind her, sighing as she faced the couple and presented them to Serra, “Your mother’s wedding pendant— a homage to her natural born house, Mallister. Your father had it commissioned for her as a gift.” The septa explained, allowing Serra to reach out and brush her fingers over the silver eagle pendant with curious fingers. She carefully picked up the necklace, holding it between her fingers as Orpheus watched her, glancing once again at Benjicot.

She presented the second, its gold chain a striking contrast to the delicate ruby flowers that circled it and caught the light in the corner of her eye. She looked up and away from the silver pendant, perking up at the sight of it, “Oh! I haven’t seen this in years.” She exclaimed, her voice pitched and eager like an excited child as she quickly returned the silver pendant to Orpheus’ hands and took the gold chain from her. Beniicot, from her left, watched in silence, his expression still as he allowed her a moment to assess the piece with trembling fingers. His gaze briefly caught the elderly woman’s, drifting up to her and inhaling, met with a small flash of a smile that was polite.

“This one.”

Both Serra and her septa looked at him as he spoke, the younger woman looking at him with wide eyes, “It’s pretty.” He explained, referencing her earlier suggestion. His shoulders rolled, squaring as he stood upright. “You also look like you care for it.”

It was a simple observation, but a meaningful gesture that brought a smile to her face nonetheless as she looked up at him. She turned and nodded to Orpheus, who withdrew with the cases, Serra keeping the necklace as she turned to him, “Could you?” She asked, holding the necklace towards him.

He looked between her and the chain, visibly hesitating before he took it from her fingers with a gentle hand; a contrast to their rough, calloused state from years of training. Her back turned to him, moving her hair out of the way with her right hand to make the task easier — on cue, Benjicot stepped forward until he was close enough that she could feel his warmth radiating, hear the subtle swallow. He cleared his throat from behind her, his hands reaching over her shoulders and around to the base of her neck, letting the necklace rest there against her collarbones, his hands brushing her shoulders as they withdrew to her nape; her hand replacing his to hold the necklace. His fingers fumbled to do the clasp, brows furrowed in concentration and breath fanning across her neck, “There you go.” He said, his right hand briefly planting on her shoulder.

She turned as his hand dropped back to his side, stepping back from her. Her hand reached up to the chain, one of the little flowers between her fingers as she looked down at it, a moment of silence falling over the room.

“Your mother used to wear it all the time.” He stated, seemingly recalling the distant memory from her last visit there — Benjicot had to dig deep, pulling it deep from the catacombs of his mind, faded with time, but still lingering there all those years later. He could still vaguely remember the image of her, curtsying to him and his father, the light catching the rubies as the sun shone in through the windows of the hall, a young Serra at her side — he remembered the gentle nudge she gave her daughter as a reminder to follow her suit. His brows furrowed again at the memory.

“You remember that?” She asked.

He let out another hum, gaze still fixed on the chain as he nodded. Benjicot looked up to her eyes, the dimple in his cheek prominent as he chewed at the inside skin, “Yes.”

He remembered her as kind and warm, a loving and doting mother and wife. He remembered her likeness to her daughter — he remembered rumours that his father had almost vied for her hand, though the venture was short-lived after hearing of her betrothal to Elmo. Sometimes, Benjicot wondered what would have happened if things had taken that path — how different things would have been. Would they still be in this position? Would Benjicot be any different? Would a mother’s kindness have changed the outcome?

He was overcome by guilt at the thought. He remembered his mother as a kind woman with good humour from the memories he’d had of her from childhood, he had just never had the fortune of being able to have that same type of relationship with her that the Tully siblings had with their own. His mouth pursed, his hand absentmindedly wandering on its own to gently touch her cheek, Serra’s expression one of surprise and confusion as she froze.

It suddenly dawned on him what he was doing, his hand quickly withdrawing and stepping back from her, “I’m sorry— I don’t know…” he stammered, his mouth snapping shut and blinking rapidly a couple of times. “I should be on my way, I shouldn’t keep the council waiting too long.” He muttered, his hand disappearing under his cloak and to his side as he spun on his heel to hurry out of the room. Her gaze watched him, still frozen in place and trying to process the sudden mood swing that made her head spin, her mouth opening.

“You mentioned he was an odd man,” Orpheus spoke from behind her.

Serra glanced at her, taking a sharp inhale of air as she looked back toward the door, “Yes, odd.” She said, drawing out the word. The room remained silent for a moment, feeling Septa Orpheus’ eyes on her.

“You forgot to mention how comely he was, however.” She said, her voice lilting a subtle and playful tone.

Serra let out a soft laugh, embarrassed as she turned to find the septa at her side now, “Come, let us finish your fitting. I imagine you would like to get done with this.” Orpheus warmly said, guiding her back towards the stool.

· · ─────── ·𖥸· ─────── · ·

Benjicot sat, nauseous and picking at the skin around his nails as the meeting drew on. He’d spent the past two hours in silence, hardly contributing to the conversation other than short hums or grunts whenever called upon, eyes only lifting for those brief moments. Otherwise, he wallowed in his horror and humiliation for his prior conversation with Serra and avoided any eye contact where he could. It had only dawned on him that afternoon how much of Serra he could see in Kermit’s face when he had arrived to find the eldest Tully, standing outside the doors and expectantly waiting for him.

They hadn’t spoken in the days following their last conversation — the exchange relentlessly haunting Benjicot since, as he’d had nightmares about his mother, who at times blurred with images of her. Instead of his mother at the window’s ledge, he saw Serra, looking back at him. The first time it had happened, he had jumped awake with a gasp as he looked around his room; it had then taken him a while to fall back asleep, scared he would be forced to watch it all over again — watch as she slipped from the ledge with a terrified gasp.

He was thankful that Kermit didn’t say anything when they met, Benjicot still out of it as he approached him. He couldn’t pinpoint the exact detail on him that resembled his sister — maybe it was a twitch in his face or a mannerism, but it was her. He cringed internally and walked in silence to their chairs, being greeted by Elmo. That daze had lasted all morning, only picking out little comments here and there from the conversation at the table, distracted by his own hands. His gaze briefly lifted as Samwell reached across the table from his seat at the head, gently swatting his hand with his own, sucking in a sharp, startled breath and looking up at his father, “You’re not present, Benjicot.” Samwell muttered, his gaze still down the table and not looking at him.

“I am.” He softly sighed.

“No,” Samwell sternly said, his eyes turning to him. “You’re not. I can tell. You’re not here right now.”

It took everything in Benjicot not to snap back and argue, knowing it wasn’t worth it to start a fight over something so minuscule as the frustration crawled up his throat. His hands released one another and dropped onto the table with another sigh, “I’m just…thinking. I apologise.” He replied in a quiet voice.

His father was silent for a moment as he stared at him, eyes briefly glancing towards where Elmo circled the chairs towards a conversation happening on the other side of the table, “Where are you?” He asked, looking back to his son. “Where is your mind?”

He hesitated to reply, his gaze shifting as he tried to muster a reply that would suffice, “It’s nothing, this is more…”

“It’s not nothing if it makes you unable to concentrate on the bigger issue.” He pressed, leaning forward in his seat, his gaze unwavering. “I ask as a father, Benjicot. Tell me.”

The use of his name urged him to look up at his father, blinking a couple of times and opening his mouth, attempting to stammer out some reply — he wanted to tell someone, but Benjicot hardly understood it all himself. He’d yet to figure out what the hell was wrong with him.

The doors slammed open suddenly which finally caught his attention, watching with tired eyes as the guard by the door was shouldered and jostled for a moment as the source of the commotion entered; a group of young men and cousins that Benjicot slowly picked out one by one — his gaze found Emrys strolling in behind the group, his face streaked with dirt and wiping at a bloodied nose as their eyes met. Benjicot watched as his shoulders rose and fell with a sigh, shaking his head at his older cousin and looking towards where the leader of the group rushed in, dagger in hand.

Ser Eryn rushed forward from his corner place towards the young man who approached the table, eyes wild and snarling as the men who had gathered near the end of the table quickly dispersed in various directions to get out of his way; the guard drew his sword and extended a hand towards his arm, grabbing his elbow.

“Get your bloody hands off of me.” The boy snapped, shoving Ser Eryn’s hand off him and stumbling a step.

“Davos.” Samwell firmly said, standing up abruptly to address the boy who was visibly seething — Davos stopped at the end of the table, tossing the knife onto it, the weapon clattering.

“Those Bracken cunts have breached our land.” He said through gritted teeth.

The room fell silent, their attention collectively drawn towards the knife on the table embellished with the Bracken’s sigil. Benjicot leaned forward in its direction, “What do you mean?” Samwell asked.

“They’re on our fucking land!” He snapped, shouting. His father shot his cousin a look, prompting him to clench his jaw, taking a breath to ground himself before speaking again, “We ran into them this morning when we went to survey the boundaries last night as you instructed. They have set camp on our land.” He explained.

The senior councilman, a grizzled veteran Ser Myles Rivers, slammed his fist on the wooden table, his voice gruff and filled with frustration. "Damn it! What have you two done?" His sharp eyes darted between the young lord and his father, his face etched with lines of anger and worry.

"We warned you about pushing too far, about provoking them. And now look! The Brackens have taken it upon themselves to set up camp on our land, challenging our authority, and threatening our people. This is exactly what we feared, and you’ve given them the excuse they needed."

Ser Myles shook his head, the weight of the situation pressing down on him. "This isn’t just a skirmish anymore; it’s a declaration of war. The Brackens want blood, and they won’t stop until they have it. We’re in a dangerous position, and all of Raventree is at risk."

Another council member, Maester Edric, interjected, his tone calmer but no less grave. "We must tread carefully now. Retaliating further could lead to full-scale conflict, something neither side can afford. We need to consider our options—diplomacy, subterfuge, anything to avoid plunging our houses into ruin."

Ser Myles cut in, his voice hardening. "But if we don’t act, we’ll appear weak. The Brackens will think they can encroach on our lands without consequence. We have to show them that Raventree won’t back down, even if it means bloodshed."

"Samwell," he said, his tone carrying the weight of years of service to the Blackwoods, "you’ve always been the voice of wisdom in this hall. We’re on the edge of something that could consume us all. The Brackens are daring us to strike back.”

He paused, searching Samwell’s face for guidance. "What do we do? Do we meet their challenge head-on and risk plunging the Riverlands into chaos? Or is there another way—one that spares us from a conflict that could bleed us dry?"

The room fell silent, every eye on Samwell, waiting for the elder Blackwood to speak, knowing that his counsel could either steer them toward war or guide them toward a more measured path.

Samwell’s gaze settled on Ser Myles. "I understand your frustration, Ser Myles, and I share it. But if we retaliate now, we risk a full-scale war that will stretch our resources and endanger our people. We must show restraint, even if it means appearing weak for a time. We will not act in haste. Instead, we will plan and prepare, ensuring that when we do make a move, it will secure our position without dooming us to unnecessary conflict."

· · ─────── ·𖥸· ─────── · ·

Benjicot adjusted his riding gloves as he and Emrys attempted to hurry down the halls before anyone could see them and question where they were going — he knew the minute he was found out, his father would be notified within minutes and know of his plans. With very little room for error, their pace was a brisk shuffle of feet as he clenched his fist, attempting to break in the leather gloves that felt snug around his knuckles, the halls barely lit by the few torches that remained in this part of the castle.

“Ser Eryn has readied the horses, they’re just waiting beyond the gates for us.” Emrys quietly explained, Benjicot’s eyes lifting to look over at his cousin, “Are you sure you want to do this? Do you think it will work?” Emrys asked, looking at him.

“It will,” Benjicot replied. “What of Davos and his men?”

“They have returned to the borders and will meet us there.” His cousin stated, the two men walking shoulder to shoulder as Benjicot vaguely made out the sound of a horse whinny from the gates — his head turned towards the windows of the hall that overlooked the yard. Through the limited light, he saw the gates open a crack — just enough that one of the guards standing post could speak to someone on the outside.

“Your father is going to be furious, you know.” Emrys suddenly teased, a grin on his face.

“He will come to understand.” He muttered, hands dropping to his sides, “He wanted me to take initiative and act as a lord for the people— if he will not act, I will.” He said, walking ahead a few paces as they reached the stairs, beginning to descend towards the doors as Emrys snorted.

“Atta boy,” Emrys whispered, nudging his shoulder from behind and bringing a grin to Ben’s face finally, the buzz of excitement and anticipation coursing through him. “I can’t wait to wipe that smug fucking smile off of Aeron’s stupid little—”

“Wait- sh, down!” Ben interrupted as a door creaked open behind them, dragging his cousin down a few steps by his elbow and urging him to kneel out of sight on the stairs; concealed and hidden. There was an awkward moment of clamouring and the rustle of their clothing as they ducked, waiting in silence as Emrys nearly tumbled down the stairs; only catching himself by grabbing the wall.

The hallway fell into silence as the minutes passed, the two men completely still as they listened carefully, Ben’s gaze turned to look up towards the top of the stairs trying to peer through the dark to see who it was that had come out of their room at this hour.

“We need to go, it’s probably nobody,” Emrys whispered after a minute.

Benjicot hesitated, hushing him again and growing impatient the longer they were trapped there on the stairs, “Just…wait.” He quietly instructed, releasing his cousin’s arm. His movements were slow, attempting to avoid making too much noise as he stood from his knees and slowly lifted his head to look into the hallway, his eyes scanning.

“Benjicot?” A voice whispered in the dark, his eyes darting up to find Serra standing a few feet away from him. Her head lowered, squinting to look at him and visibly still bleary as he assumed they had woken her, despite their best efforts to be as quiet as they could. And if they had woken her, he realised, there was no doubt they had probably woken others and had drawn too much attention to themselves; it was only a matter of time before they started to pour out into the hallway, alerting the guards and his father.

“Shh.” He quickly replied, standing upright and stumbling up the few stairs that separated them, his hand planting on the ground to push himself upright. He grabbed her arm, pulling her towards a nook in the wall, his eyes darting over her head and scanning their surroundings to check for anyone else in the hall. The torch above them provided enough light to see her face as he looked at her, her eyes wide and confused, “You shouldn’t be out here, what are you doing?”

“I…I was cold.” She quietly explained, “Alistair was supposed to get some more wood for the fire.”

“How long ago did he leave?”

“What?”

He gently shook her, “How long has it been since he went to fetch wood?” He asked, looking down at her.

She winced, shrinking back against the wall, “I don’t know…a few minutes before I heard you. I thought- I thought you were him,” Serra explained, her hands crossing over her chest. “You’re hurting me, Ben, please.” She quietly pleaded. He watched her eyes dart behind him, his head turning to find Emrys slowly standing to watch, ready to lunge forward towards the pair with a look of confusion on his face as he saw Serra.

Benjicot released her elbow suddenly, only then realising how tightly he was holding her and sucking in a deep breath. Serra cradled her arm towards her body, hand rubbing over where his had previously been moments prior and frowning with her mouth slightly ajar, “We don’t have long, Alistair is out.” Benjicot said, turning to look at Emrys.

His attention turned back to Serra, taking in her appearance — her hair slightly ruffled with sleep and cheeks flushed, still visibly exhausted but much more alert now as she looked up at him. His gaze absentmindedly dropped further, becoming aware of what little she was wearing; the fancy gowns of her house colours long since retired for the night, and left stripped down to a thin, loose cream-coloured chemise for sleep; a scarf hung around her shoulders to provide some warmth amidst the cool night. His eyebrows furrowed, Serra shifting uncomfortably under his gaze — Ben took a step to the left, shielding her from Emrys’ gaze, which lingered from behind him.

“Sorry, my lady, we did not mean to wake you.” Emrys politely said, her head popping up over Benjicot’s shoulder to make eye contact with the younger blonde boy who hovered near.

“Where are you going?” She asked, settling back on her heels as she looked up at him.

Benjicot sighed, “Nowhere. It’s time you go back to bed.”

She grabbed his wrist, lifting it in front of them and eyeing the gloves he wore briefly. He yanked his hand free, “So do you frequently just skulk around in your riding gear?” She asked, her voice quiet.

He frowned, head shaking, “No— and it does not concern you. Do not stick your nose where you have no business putting it.”

“It does concern me,” She insisted. “It will concern me, Benjicot, when we are married. Where are you off to?”

“For your good, Serra, please-”

“You’re off to go fight with those Bracken boys, aren’t you?” Serra pointedly asked, her voice firmer than Benjicot had ever heard it before, her tone knowing. It startled him, hearing her so serious and clear; her eyebrows furrowed in a displeased frown. He let out a breath, shoulders slumping as he deflated, stepping back into the wall behind him. His eyes rolled, looking away from her. “I overheard Kermit earlier.” She stated, her voice softening.

“Do you often eavesdrop on the matters of men?” He asked, his voice barely above a mutter.

She hesitated, “Only when it matters.” Serra paused, “Only when it affects me.”

He chewed his bottom lip, that same annoyance and frustration that had lingered in the back of his head that day creeping back up as he huffed, “It is my duty to protect and fight for my house.”

“Yes, it is,” She softly said. “But there are men for that.”

“It is just as much my responsibility as it is theirs— I am equally as trained.” He bit back.

“I know you are,” Serra said, voice smaller now. “But you are also the heir— what should happen if harm comes of you?”

Benjicot’s jaw clenched, mouth snapping shut for the first time during their conversation as his gaze dropped. He was left unable to argue that she had a point, but he had grown restless just waiting for action to be taken, watching while other men fought in place of him.

“It does us no good if you die so soon in this war.”

“What makes you think I would die?” He asked, his gaze still down and muttering like a boy.

“You are not invincible, Benjicot.” She sighed in reply.

The two stood silently, several moments passing before Emrys spoke up again, “I do not mean to interrupt, but if we are going, we must go now. Alistair will surely be back any moment now.” He quietly said, earning a glance from his cousin who inhaled a deep breath, sighing.

“I need to do this— it is what is best for all of us.” He stated, voice more confident and self-assured as he looked her in the eye again, “You do not have to believe me, but I ask that you let me do this and keep this to yourself…just long enough that we make it to the boundaries at least.” He pleaded, his voice low.

Serra eyed him, visibly contemplating his words with a tilted head, sceptical in trusting him; shoulders rising and falling with a breath, as she clutched the fabric of the scarf around her shoulders. Her gaze briefly lowered to his chest, swallowing. He could now make out the sound of footsteps approaching from down the hall and coming around the corner, his eyes lifting from her face and attention turning towards the sound as his heart raced, growing increasingly anxious the longer she remained quiet; caught like a terrified deer in the woods, “Ben, we need to leave now!” Emrys harshly whispered.

She sighed and released her hold on the scarf, sliding it from her shoulders, “I cannot change the mind of a man set in his stubborn ways.” She mumbled, grabbing his wrist to press the thin fabric into his palm. “Take this.” She quietly said.

His eyes shifted to glance down at the balled-up scarf, soft and delicate against his hand as she released his wrist, her eyes on his face. Benjicot looked at her, blinking rapidly a couple of times. He could hear the shuffle of feet as Emrys hurried to ascend the stairs and come up behind him, grabbing his shoulder as the flicker of flames bounced off the walls, Alistair’s shadow visible now, “Benjicot, come on.”

“For fuck sakes, just wait!” He snapped, his voice a whisper as he shook off his cousin. Benjicot moved to quickly tuck the scarf in his belt, securing it there snugly against his hip as his cousin huffed with a curse and hurried towards the stairs; leaving him behind to descend towards the front door.

“Be safe, come back to us.” She instructed, beginning to slide out from the nook and back in the direction of her room, but stopped by his hand around her wrist that pulled her back. His hand lifted to grasp her chin between his thumb and forefinger, his head ducking until his nose brushed hers — he paused, feeling her sharp inhale of breath, before pressing his mouth to hers in a sweet, gentle kiss; her lips soft on his. He felt a hand of hers reflexively come up to his chest, confused and exploratory as if she wasn’t sure what to do or how to respond to the brief kiss. He withdrew after a moment, eyes scanning her features and noting the deep crimson blush that spread up her neck and into her cheeks.

“I promise to return.” He muttered, stepping back and hurrying down the stairs as Alistair rounded the corner; finding Emrys bouncing on his toes by the front door

He could hear as Alistair called out a confused, “My lady?”

The sound of muffled conversation was distant and too quiet for his ears as he approached his cousin, who eyed him suspiciously. He wordlessly brushed past him, slipping out the door that Emrys held open before he felt him on his heels with a shut of the door. The two men bolted across the yard, the rain pouring down on the house as they ran towards the gates -- Benjicot squinted through the rain as he yanked his hood up and over his head, struggling to make out the shape of Ser Eryn who waited for him from the doors; the sound of water splashing with each step the two young men took.

“My lord.” Ser Eryn shouted over the rain, bowing his head to Benjicot as he neared, hand reaching out already towards the saddle of the horse the guard held in place by the reign. He quickly mounted the horse who stumbled around a couple of steps, adjusting comfortably on the saddle as he tugged on the reins to pull the horse back and steady it. He watched as Emrys hopped up and mirrored his actions, pulling himself up onto the other horse’s back, looking down at Ser Eryn, “Everything is ready for you. You should reach the rest of your men within the hour. The fields will be slippery, so be careful!”

“Aye.” Benjicot nodded, swaying with the horse’s anxious movements. “You’re a good man, Ser Eryn.” He stated. The guard gave another bow, muttering a ‘thank you’ to the boy lord who stood in front of him.

With a snap of his reins, the horse took off underneath Benjicot; Emrys in tow as the sound of hoofs pounded against the ground.

The rain came down in relentless sheets, soaking the earth and turning the narrow forest paths into a treacherous mire. The moon, hidden behind thick clouds, offered little light, leaving the night to be illuminated only by the occasional flash of lightning. The world was dark, wet, and unforgiving—a fitting backdrop for the grim task ahead.

Benjicot rode at the front, his horse’s hooves squelching in the mud with every step. His cloak was soaked through, the heavy wool clinging to his shoulders, but he paid it no mind. His thoughts were elsewhere, on the border ahead, where Bracken men had been seen trespassing on Blackwood land. This wasn't the first time, but it would be the last if he had anything to say about it.

Beside him, his cousin Emrys rode with equal determination, his jaw set in a grim line, "Do you think they'll be there?" Emrys asked, his voice barely audible over the drumming rain.

"They'll be there," Benjicot replied, eyes fixed on the path ahead.

Emrys nodded, gripping the reins tighter. The path began to slope downward, leading them toward the river that marked the boundary between Blackwood and Bracken lands. The river’s usual gentle flow had turned into a roaring torrent, swollen by the storm, the water crashing against the rocks with furious energy.

As they neared the border, Benjicot signalled for them to slow down. The faint glow of torches flickered through the trees ahead, confirming what they had suspected. Bracken men were indeed on Blackwood land, and they weren’t even trying to hide it, face-to-face with Davos and his men.

"How many do you think?" Emrys asked, peering through the darkness.

"Enough," Benjicot said, his voice a mutter.

He drew his sword, the steel gleaming briefly in the dim light. Emrys followed suit, the sound of metal slicing through the rain-soaked air.

They urged their horses forward, emerging from the cover of the trees into a clearing by the riverbank. There, illuminated by the torches, were half-dozen Bracken men, armed and armoured, standing defiantly on Blackwood soil.

One of them, a tall man with a grizzled beard, stepped forward; a familiar face that Benjicot recognized as an elder cousin to Aeron — a boy Benjicot had encountered several times before, "What’s this? Blackwoods come to play in the rain?"

"You’re on our land," Benjicot said, his voice carrying authority despite his youth. "Leave now, or we’ll make you."

The Bracken men laughed, their leader taking a step closer. "And what will a boy like you do about it?"

Benjicot’s eyes narrowed. "You’re treading thin ice, Bracken. Turn back and leave now, and we might spare you and your men."

Rodrik, the leader of the men, barked a laugh, “Don’t be foolish. Surely, you don’t truly think you’re anything to be feared, Benjicot.” He spat, taking a few steps in his direction, “Or did you come to meet my dear sister?” He taunted, his tone mocking and spurring a blinding rage deep within Benjicot, the taste of bile potent on his tongue.

“You’d be lucky if you see her face again anytime soon,” Rodrick continued. “Though I doubt that is of any concern to you…seeing that I hear you are to be married to that pretty little Tully girl, aye? What’s her name again?”

Benjicot twitched, his mouth turned into a snarl as he readjusted his grip around the hilt of his sword, his gaze watching the Bracken man like a predator does their prey, “Serra?” He slowly said, the name drawn out and followed by a sickening laugh, “Lucky man, Blackwood. You know she was almost a Bracken -- her father offered her for Aeron first before you.”

Rodrik slowly sauntered towards Benjicot’s horse, the men behind him tense as they watched in silence; Benjicot’s eyes briefly tearing away to glance towards the Blackwood men, Emrys stood beside them and waited for any signal to advance, his blade drawn and ready -- meanwhile, Rodrik stopped once he was within arms reach of his horse.

"Tell me, Blackwood," Rodrik sneered, his eyes gleaming with malice, "how does it feel to have a Tully as a prize, yet know she'll never be yours in spirit? Serra may wear your colours one day, but she'll always think of the strength and power of Bracken men. You can dress her in Blackwood finery, but deep down, she'll remember the better match she could have had—someone worthy of her station."

He leaned in closer, his voice a low, taunting whisper. "Enjoy her cold embraces, Benjicot. But remember, when she looks at you, she’ll be seeing the man she could’ve had."

He finally snapped.

With a sharp cry, he spurred his horse forward as Benjicot’s sword struck with precision, cutting through the defences of the Bracken man as his blade found its mark, cutting him down with a swift strike. There was a gasp as the remaining Bracken men, seeing their leader fall, began to retreat, stumbling over the muddy ground as they fled back across the river; Rodrik’s body slumped against the ground, with his face down in the mud with wide, lifeless eyes. Ben’s gaze remained pinned there upon his body as the men withdrew, unmoving.

Benjicot didn’t pursue them. He reined in his horse, breathing heavily, wiping the blade clean of blood off on his pant leg as Emrys came to a stop beside him, his chest heaving with exertion.

"Ben, what have you done?" Emrys hissed, his voice barely audible over the storm. His eyes were wide, but there was no judgement in them—only concern. "We weren't supposed to be here, let alone... do this."

He glanced around nervously, expecting Bracken reinforcements to appear out of the shadows. "You've just killed Rodrik Bracken. The Brackens won't let this go. This will start a blood feud, one even the gods can't stop."

Benjicot looked at him, blinking rapidly as the realisation of what he had just done dawned on him; suddenly feeling sick as shaking hands sheathed his sword and gripped the reins.

Emrys stepped closer, lowering his voice. "We need to think quickly. We can’t let them know it was us, not now. We need to get back to Raventree, and we need to make sure no one can tie this to you, to us. We can’t let this spiral out of control. The whole Riverlands will burn if this gets out."

The young lord nodded a stiff movement that oozed uncertainty.

He paused, searching Benjicot's face for a response. "You did what you had to, Ben, but now we must do what we must to protect our house."

TAGLIST: @username199945 @cxcilla @thethiccestdaddy @deltamoon666, @drwho-ess @callsigncrushx @clarityisnofun @jhepolie @juhdoche @majoso12 @roseheart5 @nixtape-foryou @poppyflower-22 @accidentpronedork @tannyfairy @maximizedrhythms @deadunicorn159 @xlittlefiend

#benjicot blackwood #davos blackwood #house of the dragon #house blackwood #kieran burton #hotd #benjicot blackwood x reader #davos blackwood x reader #benjicot blackwood fic #benjicot blackwood imagine

141 notes · View notes

mariacallous · 1 year ago

Text

Microsoft's CEO Satya Nadella has hailed the company's new Recall feature, which stores a history of your computer desktop and makes it available to AI for analysis, as “photographic memory” for your PC. Within the cybersecurity community, meanwhile, the notion of a tool that silently takes a screenshot of your desktop every five seconds has been hailed as a hacker's dream come true and the worst product idea in recent memory.

Now, security researchers have pointed out that even the one remaining security safeguard meant to protect that feature from exploitation can be trivially defeated.

Since Recall was first announced last month, the cybersecurity world has pointed out that if a hacker can install malicious software to gain a foothold on a target machine with the feature enabled, they can quickly gain access to the user's entire history stored by the function. The only barrier, it seemed, to that high-resolution view of a victim's entire life at the keyboard was that accessing Recall's data required administrator privileges on a user's machine. That meant malware without that higher-level privilege would trigger a permission pop-up, allowing users to prevent access, and that malware would also likely be blocked by default from accessing the data on most corporate machines.

Then on Wednesday, James Forshaw, a researcher with Google's Project Zero vulnerability research team, published an update to a blog post pointing out that he had found methods for accessing Recall data without administrator privileges—essentially stripping away even that last fig leaf of protection. “No admin required ;-)” the post concluded.

“Damn,” Forshaw added on Mastodon. “I really thought the Recall database security would at least be, you know, secure.”

Forshaw's blog post described two different techniques to bypass the administrator privilege requirement, both of which exploit ways of defeating a basic security function in Windows known as access control lists that determine which elements on a computer require which privileges to read and alter. One of Forshaw's methods exploits an exception to those control lists, temporarily impersonating a program on Windows machines called AIXHost.exe that can access even restricted databases. Another is even simpler: Forshaw points out that because the Recall data stored on a machine is considered to belong to the user, a hacker with the same privileges as the user could simply rewrite the access control lists on a target machine to grant themselves access to the full database.

That second, simpler bypass technique “is just mindblowing, to be honest,” says Alex Hagenah, a cybersecurity strategist and ethical hacker. Hagenah recently built a proof-of-concept hacker tool called TotalRecall designed to show that someone who gained access to a victim's machine with Recall could immediately siphon out all the user's history recorded by the feature. Hagenah's tool, however, still required that hackers find another way to gain administrator privileges through a so-called “privilege escalation” technique before his tool would work.

With Forshaw's technique, “you don’t need any privilege escalation, no pop-up, nothing,” says Hagenah. “This would make sense to implement in the tool for a bad guy.”

In fact, just an hour after speaking to WIRED about Forshaw's finding, Hagenah added the simpler of Forshaw's two techniques to his TotalRecall tool, then confirmed that the trick worked by accessing all the Recall history data stored on another user's machine for which he didn't have administrator access. “So simple and genius,” he wrote in a text to WIRED after testing the technique.

That confirmation removes one of the last arguments Recall's defenders have had against criticisms that the feature acts as, essentially, a piece of pre-installed spyware on a user's machine, ready to be exploited by any hacker who can gain a foothold on the device. “It makes your security very fragile, in the sense that anyone who penetrates your computer for even a second can get your whole history,” says Dave Aitel, the founder of the cybersecurity firm Immunity and a former NSA hacker. “Which is not something people want.”

For now, security researchers have been testing Recall in preview versions of the tool ahead of its expected launch later this month. Microsoft said it plans to integrate Recall on compatible Copilot+ PCs with the feature turned on by default. WIRED reached out to the company for comment on Forshaw's findings about Recall's security issues, but the company has yet to respond.

The revelation that hackers can exploit Recall without even using a separate privilege escalation technique only contributes further to the sense that the feature was rushed to market without a proper review from the company's cybersecurity team—despite the company's CEO Nadella proclaiming just last month that Microsoft would make security its first priority in every decision going forward. “You cannot convince me that Microsoft's security teams looked at this and said ‘that looks secure,’” says Jake Williams, a former NSA hacker and now the VP of R&D at the cybersecurity consultancy Hunter Strategy, where he says he's been asked by some of the firm's clients to test Recall's security before they add Microsoft devices that use it to their networks.

“As it stands now, it’s a security dumpster fire,” Williams says. “This is one of the scariest things I’ve ever seen from an enterprise security standpoint.”

144 notes · View notes

unmotivatedwrit3r · 1 year ago

Text

One in Eleven Million (final chapter)

damian wayne x reader x jon kent

(A/N): And we have reached the end! Thank you to everyone who has been following this story and I hope the ending was worth the wait. I also wrote at least some of this and the last chapter while delayed at a train station/on the train so any offhand references I make to either of those things are because of the haha.

And happy new year!

Series masterlist can be found here.

warnings: anxiety, train stations, small amount of cursing

wc: ~1400

Jon blinked awake to Damian tapping him on the shoulder.

“Huh?”

“We’re almost there,” he said, nodding out the window. Outside, the scenery had changed from the green of Pennsylvania to the cloudy skyscraper city of Gotham. “Alfred’s meeting us at the station. I’ve already asked and he’ll drive them home if they’re comfortable.”

Jon looked over at you. He couldn’t remember if you or he had fallen asleep first, but he felt privileged that you did at all. Sure, some of it might have been the exhaustion of the last day, but he had a feeling you wouldn’t have fallen asleep if you didn’t trust them to be there and wake you up. Based on your complaints about the station there, there was no way you wanted to end up in Newark. Or New York.

Jon shook you gently. You opened your eyes, confused, then sat quickly upright.

“Shit, I fell asleep? I didn’t mean to.”

“If it’s any consolation, so did I,” Jon shrugged.

“I didn’t mean to miss the last hour,” you argued.

“Last hour of what?” Damian stood up in the aisle, pulling Jon’s carry-on out from where he’d tucked it in. Jon grabbed his backpack then helped you pull your suitcase upright.

“Of—thanks Jon—of time left with you guys.” You winced. Maybe that was too honest. Tugging your backpack over your shoulders, you followed Jon towards the exit at the end of the car. Damian stopped at the car door. You braced yourself with your suitcase to avoid toppling over as the train shuddered on the tracks. It really did feel like the plane turbulence from earlier.

“This stop, Gotham Station,” the loudspeaker declared. One thing airplanes have going for them, you thought, better sound systems. The train’s announcements were barely audible. “Doors will open on the right side of the train. Please watch your step.” Anything further was indecipherable under the burbling of the speaker.

“Wait, why did you say the last hour?” Jon asked as the three of you took the escalator up to the station's main area.

“I have no idea how to contact you after this.” You pulled your suitcase over the lip of the escalator with a tug and continued on. Despite the amount of public transportation you’ve taken, Damian seemed to know the station better than you. You followed him as he weaved through the groups of people sprinkled around the area, Jon right behind.

Damian stopped just outside a side entrance, and you moved around to his other side to avoid blocking the door. Jon followed.

“We do all have phone numbers,” Damian suggested pulling out his phone. You assumed he was texting whoever was picking up him and Jon.

“Oh, duh!”

Jon’s excitement made you smile. The thought had crossed your mind earlier, but you’d dismissed it as a non-starter. You felt a little silly for that now.

Jon’s phone was already open to a new contact sheet when he handed it to you. You weren’t sure if you’d ever actually given them your last name or if they remembered ever seeing it on your train ticket or boarding pass, but there was bound to be someone between Gotham and Metropolis that shared your first name, so you added it in anyway. Jon took it back from you and started typing.

Your phone buzzed straightaway. You pulled it out of your pocket, smiling.

“hi :)” the first message read. It was sent to you and a third number. Then “it’s jon”

“Huh,” you mused, reading it. “I’ve never seen anyone spell it like that before. That’s cool.”

You unlocked your phone, opened it to the group chat, and held it out to Damian.

“Would you mind? So I don’t misspell your name?”

Damian muttered an assent and took it from you. He returned it with both contacts filled out.

“Oh, great, thanks.” You chuckled at Jon’s contact. The name, instead of the Jon offered by the initial text, had been filled out as “Jonathan Kent.” Damian’s name, you were proud to say, was spelled the way you imagined it was. The last name was a funny coincidence, you thought, considering he lived in Gotham.

“Wayne?” You asked, about to make a teasing joke.

“Like Bruce Wayne, yes.” Damian said, carefully watching your reaction.

“Like ‘Wayne Enterprises’ Wayne?” He nodded. “Holy shit. Wow, okay, I didn’t expect that. Wow.” You couldn’t read the expression on his face. Some part of you wondered if he was waiting for you to make a comment about his money or his father.

“Why did you take the train with me?” You asked instead. The concrete was rough beneath your shoes, a noticeable contrast from the smoothness of airport flooring. “You could have easily had someone pick you up. Pick both of you up. So why–?”

“Because we wanted to,” Jon answered simply.

“I am not in the habit of making,” Damian hesitated, “friends and then leaving them behind.”

“Yeah,” Your heart thudded loudly in your chest. “I’m glad we agree on that.”

An unfamiliar black car pulled up beside you. You took a couple steps back. It was nice, but anything unfamiliar, nice or not, wasn’t worth the risk.

Damian, on the other hand, moved in closer. He opened the passenger door and said something to the driver then turned back towards you.

“Do you want us to drop you off at home?”

You hesitated for a moment. Jon was looking hopefully at you. Damian’s “friends” echoed in your head.

“Yeah,” you agreed. “That would be great.”

Jon’s face split into a grin. The corner of Damian’s lips quirked up. There was some warm feeling in your chest at the fact that you caught it. You smiled back.

Alfred Pennyworth, as you learned his name was, stopped the car right outside of your building less than thirty minutes later.

“I’ll get your suitcase,” Jon offered, hopping out of the car as you collected the rest of your things.

“Thank you, Mr. Pennyworth.”

“You are very welcome,” he answered.

You shut the door behind you, now face to face with Jon.

“Is a hug okay?” You asked him. “I’m not sure if that’s a thing you do but-“

Jon gives good hugs, you decided immediately. You could feel the weight and warmth of his arms where they circled your shoulders.

“I’ll text you, okay?” He let go, hands moving to shove in his pockets. “I’ll take a picture of Metropolis when I get home and send it.”

You smiled at him; there was something concrete to look forward to. Damian came around the back of the car.

“You’re not a hug person, right?” You asked him. He shrugged.

“Only for certain people.”

You nodded, oddly disappointed. Damian opened his arms.

“Are you sure?” You asked him. He nodded and you let him set the pace, tightening your grip only when he did. Damian was a good hugger too, you realized. You wondered if the older brother you heard of hours ago on the plane and Jon both had something to do with that.

“You guys know where I live now,” you adjusted your backpack over your shoulder and pulled up the handle on your suitcase. “So come visit sometime, okay?” Your gaze wandered over to Jon. “Well if you’re in town, I guess. Metropolis isn’t exactly walking distance.”

Jon chuckled.

“I’m here pretty often.”

Damian scoffed a quiet laugh.

“We will. And keep in touch.”

“Yeah,” you smiled. “You guys too.”

You gave a final wave before heading into your building. A cloud of melancholy followed you inside. You ignored it, pulling dirty clothes from your suitcase to toss in the hamper before heading to take a shower.

Hair dripping but finally clean, you flopped onto your bed, reaching for your phone. Three messages were waiting for you. You answered the one from your parent, asking if you’d gotten home safe. The second was an email. You’d deal with that later, after you got some sleep. The third was a picture from Damian.

He didn’t even make it through my shower, the attached message read. On your screen, Jon was lying on a couch underneath Damian’s large dog. He was fast asleep.

You laughed and replied, then set your phone down. A nap would definitely throw off your sleep schedule, you knew, but Gotham was nocturnal anyway. You slept the afternoon away.

#damian wayne x reader #damian wayne #damian wayne imagine #damian wayne x reader x jonathan kent #damian wayne x gender neutral reader #damian wayne x reader x jon kent #jon kent x reader #jon kent imagine #jon kent fanfiction #jonathan kent imagine #jonathan kent #emerson writes sometimes #one in eleven million

218 notes · View notes

pitviperofdoom · 2 years ago

Note

PITS JONGERRYS LETS GO

Uhhh uMMMMMM URBAN FANTASY JONGERRYS

Things had escalated. With Gerard Keay involved, that meant something inevitably wound up on fire.

The initial blast took out two of Jon’s attackers and threw the rest into confusion. He was already running the second he was free, reaching out blindly until Gerard found his wrist. Without a word, his bodyguard shoved him to the front and sent another fireball into the cultists behind them. The flames, as always when they came from Gerard, burned hot and spread fast. The resulting confusion left their pursuers in disarray, but the spread of the flames cut off their exits as thoroughly as the cultists’ pursuit.

In the end, their only recourse was to flee deeper into the Rayner compound, away from the screams and shouts of their would-be captors.

Jon kept his mouth shut, breathing deeply and evenly as Gerard hurried him along. He was getting used to running, he thought wryly. Less than a year ago he would’ve been gasping and staggering after the first three hallways, but now his breath came easily, and he barely registered the burn in his legs until they finally came to a halt.

A spacious storage closet served as a temporary refuge; the closet itself was dark and unlit, but a small window at Gerard’s eye level provided him with a vantage point. Jon leaned against the wall to catch his breath.

“Lost them for now,” Gerard murmured. “Won’t matter much if we can’t get out of here.”

“Mm.” Jon let out a long, slow breath. “I think it’s safe to say that relations between Elias and the People’s Church have thoroughly broken down.”

“Long time coming, if you ask me. Mum always says Rayner’s lot don’t want anything less than total dominion. So alliances don’t tend to—”

Abruptly he went still and silent, ducking away from the window. Footsteps rushed past outside; a shadow fell over the dim beam of light that leaked through. Jon didn’t dare move. Eventually, after a few heart-pounding seconds, the figure outside moved on and joined the rest of the cultists searching the building.

The silence lasted nearly two full minutes before Jon built up the nerve to speak again. “Gerard?”

A soft sigh emanated from the darkness. “Thought I told you to call me Gerry.”

“I… haven’t forgotten,” Jon replied. “Gerry, then.”

The name felt uncomfortable on his tongue, even with permission. It held meaning, he knew. Gerard—Gerry had thrown it out in an off-hand manner, but Jon didn’t need to be a seer to sense the weight in that request. It wasn’t just a preference; it was an offer of trust, a wall coming down, a privilege that Jon had somehow earned, entirely without meaning to, without offering anything in return.

“I’ll follow your lead,” he said.

Gerry’s face hovered into the light again, casting sharp shadows over his features. “Not quite good enough.”

“What?”

With a sigh, Gerry let his eyes slide shut. “There’s too many of them. If we make a break for it, they’ll run us down, overwhelm us with sheer numbers.” His eyes opened, focusing on Jon. “You’re fast. A lot faster than you used to be, at least. All you need to get away is a diversion.”

“I don’t like where this is headed—”

“I’ll be fine,” Gerry said calmly, with a roll of his eyes. “And most importantly, you’ll be fine. You’ve got the easy bit. All you have to do is run fast until you’re out. I’ll take care of the rest.”

He reached for the door handle. Jon got there first.

***

Jon’s hand closed around his wrist, tight enough to make his fingers tingle. Gerry jerked back with a surprised hiss, but Jon refused to let go.

“Gerry, stop,” he hissed. “It won’t work.”

“Oh ye of little faith.” It was getting a little harder to keep his voice steady. Sure, his chances were slim, but that was nothing new. Slim chances were his baseline.

“No, listen to me,” Jon gritted out, yanking him away from the door. “It won’t work. There are too many of them and they’re spread out through the building. No matter where, when, or how you try to make a stand, I won’t even make it outside.”

Conviction rang in every word, bringing Gerry up short. He looked back; in the dim light through the door’s small window, he could see the set of Jon’s face.

“Trust me,” Jon pleaded. “I know.”

Gerry’s eyes narrowed. “How do you know? I didn’t see you swooning over a vision.”

“Think of something else,” Jon told him.

“Jon—”

“The longer we take to decide, the more everything shifts,” Jon snapped. “Think of something else.”

“Fine!” Gerry thought quickly. “It’s a straight shot to the east entrance from here—”

“Won’t work,” Jon cut him off. The light from the hallway struck his eyes, setting them aglow. His pupils, no longer light-absorbing black, flashed like a cat’s in the dark. “It’s too narrow—no escape routes. It’ll funnel us straight to them. Try again.”

“South, then. It leads to the warehouse—there’s plenty of places to hide.”

“The mezzanine’s already packed with armed cultists,” said Jon. “It’d be like running into a firing squad.”

“If we go further down—”

“No way out, and… there’s something down here.” Jon squinted and grimaced, free hand flying to his forehead as if in sudden pain. “I can’t—I can’t quite get the shape of it.”

“Then… up…?”

Jon blinked. “Keep going.”

“What?”

“Upstairs, then what?”

Gerry thought for a moment. “Head to the roof, take the fire escape down.”

“Fire escapes aren’t maintained, they won’t hold both of us,” said Jon. “Try again.”

“Not the roof, then. Out one of the windows. I can climb and carry you.”

“You—” Jon blinked, his strange eyes widening. “Huh. So you can.”

“Are we good?” Gerry asked.

“Wait.” Jon’s eyes flickered again, before he squeezed them shut and came back into himself. “Christ. Car park on the west side of the building. There’s a blue sedan with keys on the center console.”

“Okay.” With one last look out into the hallway, Gerry reached for the door handle. There would be time for questions later, and Gerry had many. “Get ready to run.”

***

“Want to tell me what that was about, then?”

Jon’s hands barely shook. It was a bold move, starting an interrogation when Jon was the one applying gauze to a bullet graze Gerry couldn’t reach himself. “Depends on what you want to talk about—”

“Don’t.” Gerry’s voice brooked no argument, barely stuttering even as Jon pressed a disinfectant-soaked pad to the gash over his shoulder blade.

“There’s nothing to talk about,” Jon insisted. “I’m a seer. You knew that when Elias brought you on. Why are you so disconcerted over watching me see the future?”

“Because you’ve been holding out on me, Sims,” Gerry said mildly. “Holding out on him too, seems like. Does Elias know you can do that? Just peek into the future of your own accord, instead of waiting for it to creep up and pounce?”

Jon sighed.

He didn’t say anything after sighing, but he did continue to patch up Gerry’s wounds. Gerry sat patiently, holding still even as Jon’s ministrations stung his torn and scorched skin. He could be patient. Once Jon was done, he wouldn’t have an excuse to hide behind anymore.

“I’m not stupid,” Jon said. “Or naive, or sheltered. I don’t know why you thought I was when we first met.”

“You’re not my first bodyguarding gig,” Gerry told him. “In my experience, anybody who gets as petulant about being protected as you were is usually naive and a bit stupid. And after that stunt you pulled with Jude Perry, you can forgive me for coming to a reasonable conclusion.”

“That wasn’t stupidity or naivete,” Jon said primly. “That was recklessness. Learn the difference.”

“Jon.”

“I just mean—I know how people see me,” Jon went on. “What they usually want from me. It happened back when I was a kid, before my grandmother stopped letting me talk about it. Everyone wants to know something about the future, even if they think they don’t. I’m a useful tool for some, a deepest wish for others. I’ve been hiding what I am since I was a child. And when Elias identified what I was in spite of my best efforts… I thought it best to keep hiding what little I could.”

“Like having control over your own power.” Gerry’s eyes narrowed. “But you work for him. Being a seer is literally what he pays you for.”

“But I don’t know why.” Jon finished fussing over his wounds and stood back. “He pays me a wage plus a bonus for every vision I report to him, but I don’t know what he’s getting out of any of it. He’s looking for something—I know he is. I just don’t know what.”

“If you don’t know what he wants from you, but you don’t trust him enough to ask, then why stay at all?” Gerry asked. “I’ve seen your paycheck, and it’s not that good. Why do you still work for him?”

Jon moved to the sink, where he washed his hands with the methodical care of a surgeon about to walk into an operating theater. Gerry was halfway through putting his shirt back on when Jon finally replied.

“Because I haven’t found a path to quitting that doesn’t end with Elias killing me.”

Gerry froze, his shirt still rucked up over his chest.

“I’d been working for him for about… six months? When I finally admitted to myself that I wasn’t comfortable.” Jon returned to the kitchen table and sank back into the chair beside Gerry. “I didn’t think much of peeking ahead, so to speak. Elias just struck me as the sort of boss who would take a resignation personally, and I wanted to know what I’d have to deal with.” He took a deep breath. “Turns out, what I’d have to deal with was Elias coming into my home and beating me to death in a staged burglary gone wrong.”

Gerry gripped the edge of his chair until his knuckles turned white.

“I-I went through as many possible exits as I could think of,” Jon went on. “Moving wouldn’t help. Neither would changing my number, ghosting him, stringing him along to keep him from realizing I was quitting—nothing. If I try to quit, he’ll kill me. And I don’t know why.”

He stopped, steadying himself. “All I can do is just—linger. Be as useless as possible. Try to figure out what he wants from me. I-I keep checking, every now and then. Cycling through possible resignation methods. I’m—” HIs voice caught. “I’m quite sick of watching myself die, as you can imagine.”

“Can’t you use your sight to figure out what he wants?” Gerry asked.

“No, it’s—it’s not that simple, it’s—a question like that is too vague.” Jon paused, looking thoughtful. “Did your mother ever teach you about probability?”

Gerry gave him exactly the look that question deserved.

“Right, didn’t think so. Here—here’s an incredibly simplified demonstration.” Jon reached across the table and snagged a legal pad. “Right, so—imagine you’re trying to pick an outfit for the day. And you have… two pairs of trousers, three shirts, and four pairs of socks. So you start with picking the trousers.” Turning the pad sideways, he started on the left and drew a sideways V, the two branches spread wide, nearly spanning the width of the page. “These two points are your two choices of trousers. From there, you pick a shirt. Both choices of trousers can then go with three possible shirts, making six outcomes in all.” From the end of both branches, he drew three more branching lines. “And from there, you choose socks—so each of these six shirt-trouser combinations have four further possibilities for socks.” He continued drawing until the diagram resembled a sideways skeletal tree with twenty-four branches at the end. “And you can continue this ad nauseum—you’ve got three possible pairs of shoes, five possible hats, two possible pairs of gloves, and so on and so forth.” Before long, the entire page was filled with simplistic tree branches, uneven and crowding each other on the page. “Following me so far?”

“Yes?” Gerry said dubiously.

“This is, once again, an incredibly simplified version of what the future is like,” Jon explained. “It’s not a straight path. There are countless possible outcomes for every single—well. Everything. You make different choices to go down certain paths, and the choices available to you depend on random chance and the choices of the people around you, who are also living in their own tangled probability trees.” He tapped the scribbly mess on the page with his pencil. “When I use my sight of my own accord, that is what I see.”

Gerry stared down at it. “Huh.”

“The trick I pulled in the Rayner compound was… simpler than it could have been,” Jon went on. “It’s easiest to see what’s straight ahead, because that puts me back here—” he tapped at the single point on the left side of the page, from which the rest of the branches originated. “Because I can focus on myself, and my own choices, and the number of possible outcomes are slightly more manageable. The present and immediate future are always the easiest to deal with, because whenever I choose a particular branch, the rest of them… wither away, so to speak, and all the tangled might-have-beens that grew from them disappear. It frees up my attention.”

“So it’s difficult to figure out what Elias wants from you because… you don’t know how to find the right branch?”

Jon nodded. “I don’t know how to find the path that leads to him telling me.”

“Do you know what happens if you tell him the truth about your abilities?”

“I looked, once,” Jon replied. “Not for very long. None of the outcomes I could find involved him letting me outside ever again.”

“Fuck,” Gerry breathed out. “You realize you’re taking a huge risk by telling me, right? For all you know, I could take this straight to Bouchard.”

Jon’s eyes flickered again. “I’ve yet to find a branch where you do.” Gerry snorted. “And besides that…”

His scarred hand came to rest over Gerry’s. By some miracle, Gerry managed not to jump.

“We’re in this together,” Jon said. “We’re both stuck, and I’m relying on you just to keep breathing. You’ve been—good. To me. So far. You’re no friend of Elias, that’s for sure.”

“I’m not,” Gerry said firmly.

“Maybe it is a risk,” said Jon. “But I’m just—tired. I’m trapped either way, and the closest I have to company I trust are the infinite possible future versions of myself, who I can only observe and learn from. To tell you the truth, I’ve been getting a bit lonely.”

“Bit sad, that.”

“Never said it wasn’t.”

They sat in silence for a while, neither of them pulling away from the other’s touch. Gerry stared at the hand over his own through half-lidded eyes, wondering what would happen if he turned his over and held Jon’s properly. For a split second he wished he could peek ahead.

“Hey Jon?”

“Yes?”

“What happens if—” He faltered for a moment. “What happens if I’m with you when you try to leave?”

“Hm.” Jon’s eyes flickered for a moment.

Without warning, they flew open wide.

“Jon?” Gerry asked nervously.

“I…” Jon’s throat bobbed. “Sorry, that—that just opened up an entire dimension of branches that I didn’t even—” His eyes flicked from side to side, as if the entire tree of fate was sprouting and growing before him, and he could only take in a few branches at a time.

“Talk to me,” said Gerry.

“There are—a lot more answers to that question than I realized,” Jon said. “Still a lot of ways to die, but—not as immediate. There are more branches ahead, I can’t quite…” He seemed to catch his breath. “I have to think about this. But…” The strange light in his eyes went out, and he turned to look at the Gerry of here and now. “Would you do that? Are you sure?”

Gerry took Jon’s hand and squeezed. The outcome, it turned out, was Jon’s wide eyes locking on his face, and the faintest hint of a blush creeping over Jon’s skin.

“Yes.” He wondered how many paths vanished when he made his choice.

#jongerry #jonathan sims #gerard keay #the magnus archives #tma fic #fanfiction #tales from the pit

184 notes · View notes

chainoftalent · 2 years ago

Note

A,,Any chance of a Yandere Profile for Kokichi?? 👉👈 👀

Have I really not done one for Kokichi? I could have sworn I did, probably just remembering somebody else's.

Kokichi Yandere Profile

What are they generally like? Lucid, aware? Obsessive? How do they behave?

Kokichi is very aware of what he's doing, as the Ultimate Supreme Leader he can't afford to not be aware of everything he does and thinks. He knows full well he's obsessive and he needs to be careful, he just doesn't think it's anyone's business.

How likely are they to kidnap their darling? How quickly will they do so?

Solidly depends on how much you give back to him, if you try and pull away from him, or don't like him, and he can't change your mind and make you stay then you're being taken to a secondary location. However if you're friendly, kind to him, listen to him, spend a lot of time with him, and put him above basically everyone then he's more likely to let you be more free range.

How difficult is it to escape from them? How do they keep you restrained? How do they deal with attempted escape?

You're not escaping from Kokichi, at first you've only got minor restraints to make things easier on everyone, but Kokichi's done this rodeo like 9 times before he's gotten to you he knows what he's doing. He knows how to escalate and punish that best work, while he might be more forgiving of the first few escapes as that's just nature, that doesn't mean he'll ever let you fully get away with it, he won't look weak in front of you, not when he needs you to accept him as your leader. Plus getting out means getting past DICE and while they may empathize from their own experiences in your place they won't help you leave.

How easy are they to trick, deceive, or manipulate?

HA. HA HA HA HA. It's KOKICHI, and you've got his ATTENTION, good fucking luck you'll NEED IT.

How lenient are they? What privileges can you have, and what will you be denied?

He's used to this like I've stated before, he knows how to straddle this line. You'll have your own room with a connected bathroom though no windows, at the start its mostly just a long ankle chain that gives enough movement to move around and to the bathroom without issue or help. This also lets you shower and do personal grooming without his help, unless he wants to help you to further your affection for him by brushing your hair or doing your makeup. Your food and clothes are all supplied by Kokichi's whims, but you'll often have multiple options unless you've earned a punishment. Though you may wish he took a bit more privileges when you find out he's fully intending to make you exercise to stay healthy in your room, he is making you do jumping jacks with a chain around your leg, what the hell dude.

You wont be able to leave your room without him being there, or go online, or know the time. You won't even be able to guess because food seemingly comes randomly and with no real pattern to how long it feels. He's fully intending to confuse you on how long its been. He's found its easier if most things for them are normal as usual with a few key things to throw them off and keep them from being fully comfortable without Kokichi. Conditioning, not just for your hair!

What kind of rules do they have? What kind of punishment would they use?

You have to follow DICE rules, but beyond that you have to listen to him, not be stupid, not give anyone outside him or DICE too much attention, don't try to escape, don't tell anyone, tell Kokichi the truth always unless it's funny.

Punishments are usually more mental then physical, nagging you for failing and how disappointed he is, along with a removal of things you like from your room. Say goodbye to the PS5!

How do they deal with rivals, or perceived rivals? Will they get rid of them? Will they kill them themselves, or find another way?

Even as a yandere, DICE's no kill rule stands strong. He won't maim rivals, just bother them until they can't take it anymore. Legos everywhere, needles in shoes, stealing their credit card, it's a death of a thousand cuts.

How easy is it to make them mad? What does their anger look like?

Not easy, it's easy to make them pretend to be upset and guilt trip the hell out of you. Actually mad though takes quite some time or hitting very specific buttons. Kokichi has a bit of a temper though, so when he does get angry he gets VERY angry, and the only reason he doesn't hurt you is he has enough of control of himself to leave the room slamming the door behind him. Do not push him past that.

Do they see you as above them, beneath them, or equal to them?

Beneath him but in an affectionate way, a new beloved minion.

How determined are they for you to love them? How hard will they try to make it happen? Or are they content just having you?

Very determined, you will love them, you will join DICE, you will be his heart and soul, he will have your loyalty.

Bonus: Is there anything that makes them unique, in comparison to other yanderes?

The fact he's capable of maintaining multiple obsessions, all of DICE is his obsession and he can and will find new people to obsess over while still obsessing over you and the rest of DICE.

General perverseness: how sexual of a person are they? What’s their drive like? How touchy do they get? Do they have any reservations about sexuality?

Very low sex drive and honestly very little interest in it, asexual king. If you were into it he doesn't mind being your stone top, but beyond that? Eh.

How forceful are they? Do they care about your willingness?

Not interested unless you are, so unless you want to roleplay that, he doesn't care to do anything like that

What sort of kinks or fetishes do they have, or would they fill?

If you are going to have him fuck you or just do nonsexual kink, he's really into things that don't involve a mess and a show of dominance. Things like Shibari, or Collars, or Human Furniture. His most intense one is body modification stuff though, you let him pierce your ears and put in earrings he chose and he is going to be paying INTENSE attention to you with wide blown out eyes.

How do they feel about pregnancy or babies? Do they want them?

Not overly interested, it's already busy around DICE headquarters, maybe when he's older he might want a few kids with the members of DICE who can have kids

What kind of (nsfw) punishments would they use?

They wouldn't unless you were someone like Miu, if you were like Miu then he is going to edge the hell out of you.

What body parts of their darling do they like the most?

Kokichi likes hands, how clever, quick, and sleek they are. He also really enjoys powerful lean legs, he's very much into traits that make you good at crime.

#yandere danganronpa #yandere #ndrv3 #drv3 #yandere ndrv3 #x reader #danganronpa v3 #yandere profile #yandere kokichi #yandere kokichi ouma #yandere ouma #yandere drv3 #kokichi ouma #chainoftalent

63 notes · View notes

terrence-silver · 8 months ago

Note

What would happen if someone tried to quit Cobra Kai during the KK3 era? What would price be for quitting the dojo?

---

I mean, officially? 😬

Nothing happens to you if you quit Cobra Kai; that's what you might be told.

It is an egalitarian, democratic dojo and people can come and go as they please...or at least that's what official narrative that could be served to any student with the biggest, kindest, warmest and most re-assuring smile would be. You might even get a pat on the back to top it all off. The comfort that you can still turn to your teachers and comrades at the dojo in case you ever need anything, because that's how empathetic these people will come off...especially Terry. John? Perhaps less so. In any case, the truth is entirely different, though. Leaving Cobra Kai is a bit like leaving the mob at any era. You can technically try --- you might even be encouraged to try (bordering on a challenge or a dare packaged in the most polite way possible), purely to drill the point home how much free will the students practice here. You'll have an awful time once you do and actually go through with this, though. Except, unlike the mob, there's no witness protection services to defend someone who merely quit a dojo. There probably ought to be knowing Terry Silver and John Kreese, though --- because you're somehow in a world of trouble the minute you renounce your allegiances (and you might've never even realized it was as serious as that) and stop showing up for classes because you officially told one of the Senseis you're going to quit for any reason. Now, as if on cue, you have former classmates bullying you, eclipsing your every move, your private life being sabotaged, your place of employment doxxed or threatened, individuals you can only class as hooligans stalking you, bothering you, catcalling you, heckling you, showing up places they shouldn't; might go as far as physical escalation instead of merely psychological mistreatment --- in layman terms, it's not out of the question you wouldn't get mugged or beat up, assuredly, by a gang of masked people who are eerily apt at martial arts almost like they studied it where you did.

You car might end up totaled while it's parked on the street.

Your home's windows smashed in.

Your apartment broken into and ransacked.

Your pet mysteriously disappears and winds up dead.

Your front porched spray painted with something resembling a warning.

Heck, where you live might get set on fire. People you love could get hurt.

Someone might even die and I wouldn't find it tremendously unbelievable.

Torture? Pain? Kidnapping? Abuses of various degrees?

Yep. It's that extreme and that serious.

Why?

Because John and Terry might have a very militant outlook on Cobra Kai and loyalties in general, which is no surprise considering they were in the military themselves and somehow, it bled through how they conduct the dojo as a whole. To throw in the towel and give up Cobra Kai equals spitting in their collective and the face of their very ideology and life's work and hey, if we reach, even their very service during the war. They do take capital offence to people leaving even though they don't really outright display the fact. The awful things that started happening to you coincidentally after you left? Can't even be easily traced back to them because they're cunning and have an understanding PR to the degree they can cover their tracks up; furthermore, Cobra Kai has enough money and backing from Terry Silver, who's literally a billionaire, to get away with any number of transgressions. So, to cut to the chase? Sure. Officially? Anyone can leave Cobra Kai. Same way anyone can join. It's simply that after you actually leave it, a world of pain can come your way and nobody guarantees for your safety...same could be said if you joined it. You wanted to be Cobra Kai, right? Kreese and Silver view this whole thing like they might view the Marine Corp: the privilege of brotherhood comes with consequences, and your teaching will be strenuous, difficult and absolutely brutal. Seems like you're not only not safe if you quit; you're not safe even if you do join of your very own volition.

It's somehow best if Cobra Kai as a whole just never throws its glance your way.

And vice versa.

#terry silver #kk3 #cobra kai #john kreese #character analysis

10 notes · View notes

govindhtech · 8 months ago

Text

Entra ID Lateral Movement And Expanding Permission Usage

Abusing Intimate Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments: (In)tune to Takeovers

Recently, a client received assistance from the Mandiant Red Team in visualizing the potential consequences of an advanced threat actor breach. In order to compromise the tenant’s installed Entra ID service principals, Mandiant migrated laterally from the customer’s on-premises environment to their Microsoft Entra ID tenant during the evaluation.

Using a popular security architecture that involves Intune-managed Privileged Access Workstations (PAWs), we will discuss in this blog post a new method by which adversaries can move laterally and elevate privileges within Microsoft Entra ID by abusing Intune permissions (DeviceManagementConfiguration.ReadWrite.All) granted to Entra ID service principals. We also offer suggestions and corrective actions to stop and identify this kind of attack.

A pretext

The client had a well-developed security architecture that adhered to the Enterprise Access model suggested by Microsoft, which included:

An Active Directory-based on-premises setting that adheres to the Tiered Model.

A Microsoft Entra Connect Sync-synchronized Entra ID environment that synchronizes on-premises identities and groups with Entra ID. PAWs, which were completely cloud-native and controlled by Intune Mobile Device Management (MDM), were used to administrate this environment. They were not connected to the on-premises Active Directory system. To access these systems, IT managers used a specific, cloud-native (non-synced) administrative account. These cloud-native administrative accounts were the only ones allocated Entra ID roles (Global Administrator, Privileged Role Administrator, etc.).

A robust security barrier was created by separating administrative accounts, devices, and privileges between the Entra ID environment and the on-premises environment:

Because Entra ID privileged roles are associated with unique, cloud-native identities, a compromise of the on-premises Active Directory cannot be utilized to compromise the Entra ID environment. This is an excellent practice for Microsoft.

An “air gap” between the administration planes of the two environments is successfully created by using distinct physical workstations for administrative access to cloud and on-premises resources. Attackers find it very challenging to get through air gaps.

Strong Conditional Access regulations imposed by Privileged Identity Management assigned roles to the administrative accounts in Entra ID, necessitating multi-factor authentication and a managed, compliant device. Additionally, Microsoft recommends these best practices.

Attack Path

One of the objectives of the evaluation was to assign the Mandiant Red Team the task of obtaining Global Administrator access to the Entra ID tenant. Mandiant was able to add credentials to Entra ID service principals (microsoft.directory/servicePrincipals/credentials/update) by using a variety of methods that are outside the purview of this blog post. This gave the Red Team the ability to compromise any preloaded service principal.

There are a number well-known methods for abusing service principal rights to get higher permissions, most notably through the usage of RoleManagement.See AppRoleAssignment and ReadWrite.Directory.Application and ReadWrite.All.ReadWrite.All rights for Microsoft Graph.

However, the Mandiant Red Team had to reconsider their approach because none of these rights were being used in the customer’s environment.

Mandiant found a service principle that was given the DeviceManagementConfiguration after using the superb ROADTools framework to learn more about the customer’s Entra ID system.Go ahead and write.Permission is granted.Image credit to Google Cloud

The service principal is able to “read and write Microsoft Intune device configuration and policies” with this authorization.

Clients running Windows 10 and later can execute the unique PowerShell scripts used by Intune for device management. Administrators have an alternative to configuring devices with settings not accessible through the configuration policies or the apps section of Intune by using the ability to run scripts on local devices. When the device boots up, management scripts with administrator rights (NT AUTHORITY\SYSTEM) are run.

The configuration of Device Management.Go ahead and write.To list, read, create, and update management scripts via the Microsoft Graph API, all permissions are required.

The Microsoft Graph API makes it simple to write or edit the management script. An example HTTP request to alter an existing script is displayed in the accompanying figure.PATCH https://graph.microsoft.com/beta/deviceManagement/ deviceManagementScripts/<script id> { "@odata.type": "#microsoft.graph.deviceManagementScript", "displayName": "<display name>", "description": "<description>", "scriptContent": "<PowerShell script in base64 encoding>", "runAsAccount": "system", "enforceSignatureCheck": false, "fileName": "<filename>", "roleScopeTagIds": [ "<existing role scope tags>" ], "runAs32Bit": false }

The caller can provide a display name, file name, and description in addition to the Base64-encoded value of the PowerShell script content using the Graph API. Depending on which principle the script should be run as, the runAsAccount parameter can be set to either user or system. RoleScopeTagIds references Intune’s Scope Tags, which associate people and devices. The DeviceManagementConfiguration can likewise be used to construct and manage them.Go ahead and write. Permission is granted.

The configuration of Device Management.Go ahead and write.By changing an existing device management script to run a PowerShell script under Mandiant’s control, Mandiant was able to go laterally to the PAWs used for Entra ID administration with full authorization. The malicious script is run by the Intune management script when the device reboots as part of the user’s regular workday.

By implanting a command-and-control device, Mandiant could give the PAWs any instructions. The Red Team obtained privileged access to Entra ID by waiting for the victim to activate their privileged role through Azure Privileged Identity Management and then impersonating the privileged account (for example, by stealing cookies or tokens). By taking these actions, Mandiant was able to fulfill the assessment’s goal and gain Global Administrator rights in Entra ID.

Remediation and Recommendations

To avoid the attack scenario, Mandiant suggests the following hardening measures:

Review your organization’s security principals for the DeviceManagementConfiguration.ReadWrite.All permission: DeviceManagementConfiguration should be handled by organizations that use Microsoft Intune for device management.Go ahead and write.Since it grants the trustee authority over the Intune-managed devices and, consequently, any identities connected to the devices, all permissions are considered sensitive.

Mandiant advises businesses to routinely check the authorizations given to Azure service principals, with a focus on the DeviceManagementConfiguration.Along with other sensitive permissions (like RoleManagement), there is the ReadWrite.All permission.See AppRoleAssignment and ReadWrite.Directory.Application and ReadWrite.All.ReadWrite.All.

Businesses that manage PAWs with Intune should exercise extra caution when assigning Intune privileges (either via DeviceManagementConfiguration).Use Entra roles like Intune Role Administrator or ReadWrite.All.

Enable Intune’s multiple admin approval: Intune allows you to use Access Policies to demand a second administrator’s approval before applying any changes. By doing this, an attacker would be unable to use a single compromised account to create or alter management scripts.

Think about turning on activity logs for the Microsoft Graph API: Graph API Activity logs, which provide comprehensive details about Graph API HTTP requests made to Microsoft Graph resources, can be enabled to aid in detection and response efforts.

Make use of the features that Workload ID Premium licenses offer: With a Workload-ID Premium license, Mandiant suggests using these features to:

Limit the use of privileged service principals to known, reliable places only. By guaranteeing that only trustworthy places are used, this reduces the possibility of unwanted access and improves security.

Enable risk detections in Microsoft Identity Protection to improve service principal security. When risk factors or questionable activity are found, this can proactively prohibit access.

Keep an eye on service principal sign-ins proactively: Monitoring service principal sign-ins proactively can aid in identifying irregularities and possible dangers. Incorporate this information into security procedures to set off notifications and facilitate quick action in the event of unwanted access attempts.

Mandiant has a thorough grasp of the various ways attackers may compromise their target’s cloud estate with some hostile emulation engagements, Red Team Assessments, and Purple Team Assessments.

Read more on Govindhtech.com

#EntraID #EntraIDLateral #Lateral #Mandiant #MicrosoftEntraID #RedTeam #Windows10 #News #Technews #Technology #Technologynews #Technologytrends #govindhtech

3 notes · View notes

understandingactivedirectory · 2 years ago

Text

Exploring Kerberos and its related attacks

Introduction

In the world of cybersecurity, authentication is the linchpin upon which secure communications and data access rely. Kerberos, a network authentication protocol developed by MIT, has played a pivotal role in securing networks, particularly in Microsoft Windows environments. In this in-depth exploration of Kerberos, we'll delve into its technical intricacies, vulnerabilities, and the countermeasures that can help organizations safeguard their systems.

Understanding Kerberos: The Fundamentals

At its core, Kerberos is designed to provide secure authentication for users and services over a non-secure network, such as the internet. It operates on the principle of "need-to-know," ensuring that only authenticated users can access specific resources. To grasp its inner workings, let's break down Kerberos into its key components:

1. Authentication Server (AS)

The AS is the initial point of contact for authentication. When a user requests access to a service, the AS verifies their identity and issues a Ticket Granting Ticket (TGT) if authentication is successful.

2. Ticket Granting Server (TGS)

Once a user has a TGT, they can request access to various services without re-entering their credentials. The TGS validates the TGT and issues a service ticket for the requested resource.

3. Realm

A realm in Kerberos represents a security domain. It defines a specific set of users, services, and authentication servers that share a common Kerberos database.

4. Service Principal

A service principal represents a network service (e.g., a file server or email server) within the realm. Each service principal has a unique encryption key.

Vulnerabilities in Kerberos

While Kerberos is a robust authentication protocol, it is not immune to vulnerabilities and attacks. Understanding these vulnerabilities is crucial for securing a network environment that relies on Kerberos for authentication.

1. AS-REP Roasting

AS-REP Roasting is a common attack that exploits weak user account settings. When a user's pre-authentication is disabled, an attacker can request a TGT for that user without presenting a password. They can then brute-force the TGT offline to obtain the user's plaintext password.

2. Pass-the-Ticket Attacks

In a Pass-the-Ticket attack, an attacker steals a TGT or service ticket and uses it to impersonate a legitimate user or service. This attack can lead to unauthorized access and privilege escalation.

3. Golden Ticket Attacks

A Golden Ticket attack allows an attacker to forge TGTs, granting them unrestricted access to the domain. To execute this attack, the attacker needs to compromise the Key Distribution Center (KDC) long-term secret key.

4. Silver Ticket Attacks

Silver Ticket attacks target specific services or resources. Attackers create forged service tickets to access a particular resource without having the user's password.

Technical Aspects and Formulas

To gain a deeper understanding of Kerberos and its related attacks, let's delve into some of the technical aspects and cryptographic formulas that underpin the protocol:

1. Kerberos Authentication Flow

The Kerberos authentication process involves several steps, including ticket requests, encryption, and decryption. It relies on various cryptographic algorithms, such as DES, AES, and HMAC.

2. Ticket Granting Ticket (TGT) Structure

A TGT typically consists of a user's identity, the requested service, a timestamp, and other information encrypted with the TGS's secret key. The TGT structure can be expressed as:

3. Encryption Keys

Kerberos relies on encryption keys generated during the authentication process. The user's password is typically used to derive these keys. The process involves key generation and hashing formulas.

Mitigating Kerberos Vulnerabilities

To protect against Kerberos-related vulnerabilities and attacks, organizations can implement several strategies and countermeasures:

1. Enforce Strong Password Policies

Strong password policies can mitigate attacks like AS-REP Roasting. Ensure that users create complex, difficult-to-guess passwords and consider enabling pre-authentication.

2. Implement Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring users to provide multiple forms of authentication. This can thwart various Kerberos attacks.

3. Regularly Rotate Encryption Keys

Frequent rotation of encryption keys can limit an attacker's ability to use stolen tickets. Implement a key rotation policy and ensure it aligns with best practices.

4. Monitor and Audit Kerberos Traffic

Continuous monitoring and auditing of Kerberos traffic can help detect and respond to suspicious activities. Utilize security information and event management (SIEM) tools for this purpose.

5. Segment and Isolate Critical Systems

Isolating sensitive systems from less-trusted parts of the network can reduce the risk of lateral movement by attackers who compromise one system.

6. Patch and Update

Regularly update and patch your Kerberos implementation to mitigate known vulnerabilities and stay ahead of emerging threats.

4. Kerberos Encryption Algorithms

Kerberos employs various encryption algorithms to protect data during authentication and ticket issuance. Common cryptographic algorithms include:

DES (Data Encryption Standard): Historically used, but now considered weak due to its susceptibility to brute-force attacks.

3DES (Triple DES): An improvement over DES, it applies the DES encryption algorithm three times to enhance security.

AES (Advanced Encryption Standard): A strong symmetric encryption algorithm, widely used in modern Kerberos implementations for better security.

HMAC (Hash-based Message Authentication Code): Used for message integrity, HMAC ensures that messages have not been tampered with during transmission.

5. Key Distribution Center (KDC)

The KDC is the heart of the Kerberos authentication system. It consists of two components: the Authentication Server (AS) and the Ticket Granting Server (TGS). The AS handles initial authentication requests and issues TGTs, while the TGS validates these TGTs and issues service tickets. This separation of functions enhances security by minimizing exposure to attack vectors.

6. Salting and Nonces

To thwart replay attacks, Kerberos employs salting and nonces (random numbers). Salting involves appending a random value to a user's password before hashing, making it more resistant to dictionary attacks. Nonces are unique values generated for each authentication request to prevent replay attacks.

Now, let's delve into further Kerberos vulnerabilities and their technical aspects:

7. Ticket-Granting Ticket (TGT) Expiry Time

By default, TGTs have a relatively long expiry time, which can be exploited by attackers if they can intercept and reuse them. Administrators should consider reducing TGT lifetimes to mitigate this risk.

8. Ticket Granting Ticket Renewal

Kerberos allows TGT renewal without re-entering the password. While convenient, this feature can be abused by attackers if they manage to capture a TGT. Limiting the number of renewals or implementing MFA for renewals can help mitigate this risk.

9. Service Principal Name (SPN) Abuse

Attackers may exploit misconfigured SPNs to impersonate legitimate services. Regularly review and audit SPNs to ensure they are correctly associated with the intended services.

10. Kerberoasting

Kerberoasting is an attack where attackers target service accounts to obtain service tickets and attempt offline brute-force attacks to recover plaintext passwords. Robust password policies and regular rotation of service account passwords can help mitigate this risk.

11. Silver Ticket and Golden Ticket Attacks

To defend against Silver and Golden Ticket attacks, it's essential to implement strong password policies, limit privileges of service accounts, and monitor for suspicious behavior, such as unusual access patterns.

12. Kerberos Constrained Delegation

Kerberos Constrained Delegation allows a service to impersonate a user to access other services. Misconfigurations can lead to security vulnerabilities, so careful planning and configuration are essential.

Mitigation strategies to counter these vulnerabilities include:

13. Shorter Ticket Lifetimes

Reducing the lifespan of TGTs and service tickets limits the window of opportunity for attackers to misuse captured tickets.

14. Regular Password Changes

Frequent password changes for service accounts and users can thwart offline attacks and reduce the impact of credential compromise.

15. Least Privilege Principle

Implement the principle of least privilege for service accounts, limiting their access only to the resources they need, and monitor for unusual access patterns.

16. Logging and Monitoring

Comprehensive logging and real-time monitoring of Kerberos traffic can help identify and respond to suspicious activities, including repeated failed authentication attempts.

Kerberos Delegation: A Technical Deep Dive

1. Understanding Delegation in Kerberos

Kerberos delegation allows a service to act on behalf of a user to access other services without requiring the user to reauthenticate for each service. This capability enhances the efficiency and usability of networked applications, particularly in complex environments where multiple services need to interact on behalf of a user.

2. Types of Kerberos Delegation

Kerberos delegation can be categorized into two main types:

Constrained Delegation: This type of delegation restricts the services a service can access on behalf of a user. It allows administrators to specify which services a given service can impersonate for the user.

Unconstrained Delegation: In contrast, unconstrained delegation grants the service full delegation rights, enabling it to access any service on behalf of the user without restrictions. Unconstrained delegation poses higher security risks and is generally discouraged.

3. How Delegation Works

Here's a step-by-step breakdown of how delegation occurs within the Kerberos authentication process:

Initial Authentication: The user logs in and obtains a Ticket Granting Ticket (TGT) from the Authentication Server (AS).

Request to Access a Delegated Service: The user requests access to a service that supports delegation.

Service Ticket Request: The user's client requests a service ticket from the Ticket Granting Server (TGS) to access the delegated service. The TGS issues a service ticket for the delegated service and includes the user's TGT encrypted with the service's secret key.

Service Access: The user presents the service ticket to the delegated service. The service decrypts the ticket using its secret key and obtains the user's TGT.

Secondary Authentication: The delegated service can then use the user's TGT to authenticate to other services on behalf of the user without the user's direct involvement. This secondary authentication occurs transparently to the user.

4. Delegation and Impersonation

Kerberos delegation can be seen as a form of impersonation. The delegated service effectively impersonates the user to access other services. This impersonation is secure because the delegated service needs to present both the user's TGT and the service ticket for the delegated service, proving it has the user's explicit permission.

5. Delegation in Multi-Tier Applications

Kerberos delegation is particularly useful in multi-tier applications, where multiple services are involved in processing a user's request. It allows a front-end service to securely delegate authentication to a back-end service on behalf of the user.

6. Protocol Extensions for Delegation

Kerberos extensions, such as Service-for-User (S4U) extensions, enable a service to request service tickets on behalf of a user without needing the user's TGT. These extensions are valuable for cases where the delegated service cannot obtain the user's TGT directly.

7. Benefits of Kerberos Delegation

Efficiency: Delegation eliminates the need for the user to repeatedly authenticate to access multiple services, improving the user experience.

Security: Delegation is secure because it relies on Kerberos authentication and requires proper configuration to work effectively.

Scalability: Delegation is well-suited for complex environments with multiple services and tiers, enhancing scalability.

In this comprehensive exploration of Kerberos, we've covered a wide array of topics, from the fundamentals of its authentication process to advanced concepts like delegation.

Kerberos, as a network authentication protocol, forms the backbone of secure communication within organizations. Its core principles include the use of tickets, encryption, and a trusted third-party Authentication Server (AS) to ensure secure client-service interactions.

Security is a paramount concern in Kerberos. The protocol employs encryption, timestamps, and mutual authentication to guarantee that only authorized users gain access to network resources. Understanding these security mechanisms is vital for maintaining robust network security.

Despite its robustness, Kerberos is not impervious to vulnerabilities. Attacks like AS-REP Roasting, Pass-the-Ticket, Golden Ticket, and Silver Ticket attacks can compromise security. Organizations must be aware of these vulnerabilities to take appropriate countermeasures.

Implementing best practices is essential for securing Kerberos-based authentication systems. These practices include enforcing strong password policies, regular key rotation, continuous monitoring, and employee training.

Delving into advanced Kerberos concepts, we explored delegation – both constrained and unconstrained. Delegation allows services to act on behalf of users, enhancing usability and efficiency in complex, multi-tiered applications. Understanding delegation and its security implications is crucial in such scenarios.

Advanced Kerberos concepts introduce additional security considerations. These include implementing fine-grained access controls, monitoring for unusual activities, and regularly analyzing logs to detect and respond to security incidents.

So to conclude, Kerberos stands as a foundational authentication protocol that plays a pivotal role in securing networked environments. It offers robust security mechanisms and advanced features like delegation to enhance usability. Staying informed about Kerberos' complexities, vulnerabilities, and best practices is essential to maintain a strong security posture in the ever-evolving landscape of cybersecurity.

#cybersecurity #active directory #kerberos #windows os #cyberattack

12 notes · View notes

cyber-sec · 10 months ago

Text

PoC Exploit Released For 0-Day Windows Kernel Privilege Escalation Vulnerability

Source: https://gbhackers.com/windows-0-day-poc-exploit/

More info: https://www.pixiepointsecurity.com/blog/nday-cve-2024-38106/

2 notes · View notes

mariacallous · 2 years ago

Text

(JTA) — When I was 18 years old, like many American Jews, I spent a gap year in Israel. At a right-wing army-prep program called Mechinat Yeud, located in the illegal settlement of Efrat, I learned Torah, went on hikes and practiced krav maga. I fondly look back at this year as a positive experience and a time when I matured as a young adult.

I also saw the daily mechanisms of the occupation, though I didn’t have the vocabulary to articulate this.

Over that year, I saw Palestinians whose cars bore different license plates than those driven by Jews. I saw a checkpoint between Israel and the West Bank that was a formality to Jews like my friends and me but very real to the Palestinians living right next to us. Though I finished my year in Yeud with a strong desire to live in Israel, I also knew that I couldn’t be complicit in Palestinian oppression.

I eventually moved to Israel and threw myself into anti-occupation activism, spending weeks and months at a time in Palestinian communities in the West Bank. In addition to the bureaucratic oppression that Palestinians face on a daily basis, I saw — and sometimes was a victim of — the settler violence that plagues the West Bank.

During the American civil rights movement, Rabbi Abraham Joshua Heschel famously referred to his protesting as “praying with his feet.” This past Yom Kippur, when the rabbis of the Talmud tell us to fully prostrate ourselves during prayer, I asked for forgiveness with my whole body by spending the Day of Atonement in Ein Rashash, a Palestinian Bedouin shepherding community located 22 miles northeast of Ramallah. Its residents had requested a 24/7 presence from solidarity activists due to threats from the nearby Israeli outpost of Malachi Hashalom.

According to a United Nations report released on Sept. 21, 1,105 Palestinians fled their homes and villages in 2022 and 2023. The report stated that settler violence is at a record high since the U.N. began documenting the trend in 2006.

This report includes the villages of Ein-Samia, Al-Qabun, al-Baqa and Ras al-Tin. All of these villages were located near Ein Rashash, and like Ein Rashash, the communities all relied on shepherding for their livelihood. Settler attacks in the Palestinian towns of Huwara and Turmus Aya, frequently described as pogroms, have received attention within Israel and internationally.

Ein Rashash has faced similar settler violence and harassment. Shortly upon entering the village, one can see where settlers shattered the windows of homes and destroyed an outhouse in an attack in June. The community is considering leaving their land just like the community of Ein-Samia and many others have done.

In response to this violence, a group of activists, most notably Rabbi Arik Ascherman, is spending long periods of time in Ein Rashash — located north of the ruins of Ein-Samia — to use our privilege as a de-escalating presence. When non-Palestinian activists are around, settler violence is less likely. Ein Rashash and the nearby villages are all located in Area C, the portion of the West Bank under full Israeli control as per the Oslo Accords. The Palestinian residents do not have Israeli citizenship, and they are subject to military law as opposed to the civil courts through which Israeli settlers are tried. “Protective Presence” activism is utilized in other communities in Area C that face regular threats of settler violence and home evictions, such as Masafer Yatta. I have done several shifts already, and I volunteered for the Yom Kippur shift.

I was accompanied by five other activists. The first thing we did was assign roles in case settlers came. Who would call the police or other activists? Who would film? Who would stand in front of a settler’s car if he tried to enter the village or drive through a flock of sheep? These are normal conversations in this line of work.

There is no break during Protective Presence activism. Either there’s an immediate incident, or you’re waiting for the next one. Every unfamiliar car or person in the distance can be a settler coming to attack or harass or bringing soldiers to force Palestinians off their land. A drone from the nearby outpost hovered overhead for around 30 seconds, and I was on edge for the next hour. You sleep with one eye open. Jewish holidays often bring with them right-wing violence in Israel and the West Bank. Hate crimes were carried out in Bat Yam this year and last year, and in 2021 there was a settler pogrom in the Palestinian village of Mufagara.

This is exhausting and emotionally draining. Unlike many other Protective Presence shifts I have participated in, Yom Kippur ended without incident.

After 25 hours, I had the privilege of going home to Jerusalem. Palestinians do not have this option. This is their life.

According to Torah, on Yom Kippur the Israelites are told to “afflict themselves.” The rabbis concluded that self-affliction must refer to fasting, reasoning that “affliction” refers to something that, when taken to a certain extent, can lead to death.

Life under occupation can, and does, lead to death. One look at the statistics makes that all too clear. Since 2000, 10,667 Palestinians in the occupied territories have been killed by Israeli soldiers or civilians.

Protective Presence is my self-affliction. And yet, in homage to Yom Kippur’s imagery of being sealed in the Book of Life, life goes on. Activists laughed with and got to know each other and our Palestinian hosts. We read and we ate delicious homemade food. We didn’t embrace misery as a form of repentance. We embraced the full spectrum of life.

I believe fasting is mentally, physically and spiritually unhealthy. The only self-affliction I find meaningful is in sharing the pain — and the joy — of my fellow human beings, particularly in a way that lightens their pain and suffering. The people of Ein Rashash have told us that our presence is making their lives easier and helping them stay on their land. The children are laughing and playing in a way that they were not when we first started these shifts. This has been the most meaningful Yom Kippur I’ve ever had.

In Mishnah Yoma 8:9, we learn that repentance on Yom Kippur only allows us to atone for the sins between ourselves and God. For a sin against another person, one must “satisfy their fellow.” We don’t need to ask God for forgiveness. We must stand with the Palestinians suffering under Israeli rule, until they’re satisfied.

I know that it’s not a matter of if the settlers will be back, but when. For as long as that’s the case, I will continue to pray with my body and sometimes “self-afflict” in the name of justice and equality. The Talmud states self-affliction does not absolve one from their sins towards other people, only those towards God. And yet, our sins towards other people are the ones for which we direly need to repent.

86 notes · View notes

buzzleaktv · 4 days ago

Text

CVE-2025-6018 and CVE-2025-6019 Vulnerability Exploitation: Chaining Local Privilege Escalation Flaws Lets Attackers Gain Root Access on Most Linux Distributions

Unlock the Secrets of Ethical Hacking! Ready to dive into the world of offensive security? This course gives you the Black Hat hacker’s perspective, teaching you attack techniques to defend against malicious activity. Learn to hack Android and Windows systems, create undetectable malware and ransomware, and even master spoofing techniques. Start your first hack in just one hour! Enroll now and…

0 notes

ur-online-friend · 14 days ago

Text

0 notes

echowisdom · 26 days ago

Text

Step-by-Step Guide to Mastering Active Directory Pentesting Techniques

Active Directory (AD) is the backbone of almost every modern corporate IT environment. It stores all critical user and system information and governs access across an enterprise. With its central role in network infrastructure, it also becomes a prime target for attackers. That’s why mastering Active Directory pentesting techniques is crucial for cybersecurity professionals who want to stay ahead of threats.

This blog walks you through a positive, step-by-step guide to becoming proficient in Active Directory pentesting. Whether you're a beginner or looking to sharpen your skills, these insights and tips will set you on the right path.

1. Understand the Basics of Active Directory

Before diving into pentesting, you need a solid understanding of what Active Directory is and how it functions. Active Directory is essentially a directory service that manages user data, authentication, and access permissions in a networked environment.

Start by learning about the core AD components:

Domain Controllers

Users and Groups

Organizational Units (OUs)

Group Policy Objects (GPOs)

Trusts and Forests

Having a strong grasp of these elements lays the groundwork for effective pentesting. Without understanding the architecture and how it operates, it’s nearly impossible to identify potential weaknesses or attack vectors.

2. Set Up a Lab Environment

The best way to learn AD pentesting is through hands-on practice. Set up a lab environment where you can safely explore and test your skills without risking real systems. Use virtual machines to simulate a Windows domain environment with various user roles and permissions.

In this lab, practice key AD functions like:

Creating users and groups

Applying Group Policies

Configuring Domain Controllers

Simulating common configurations

This setup helps you understand what’s considered “normal” behavior in AD, making it easier to spot and exploit vulnerabilities during a pentest.

3. Learn the Attack Surface of Active Directory

Once you're comfortable with the basics, it's time to explore how attackers view Active Directory. The AD attack surface is vast. From misconfigured permissions to outdated patches, there are numerous paths an attacker might take.

Common AD attack vectors include:

Password Spraying

Kerberoasting

Pass-the-Hash

NTLM Relay Attacks

DLL Injection

Credential Dumping

Each of these techniques targets a specific AD weakness, and knowing them is vital for both red teamers and defenders. Familiarize yourself with these vectors in your lab to see how they work and how they can be mitigated.

4. Master Enumeration Techniques

In AD pentesting, enumeration is one of the most critical initial phases. This is where you gather information about the target network without triggering alarms. The more intel you have, the more precise your attacks will be.

Key enumeration tasks include:

Listing domain users and groups

Identifying admin accounts

Mapping network shares

Discovering service accounts and permissions

Tools and scripts can help with enumeration, but the knowledge of what data to look for and how it can be used is what separates beginners from experts.

5. Understand Privilege Escalation Methods

Once you’ve successfully enumerated a domain and identified weak points, the next step in pentesting is privilege escalation. This phase focuses on moving from a regular user account to higher privileges, ideally reaching domain admin status.

Common privilege escalation techniques include:

Exploiting misconfigured service permissions

Abuse of Group Policy Preferences

Exploiting token impersonation

Over-permissioned Active Directory Delegation

Practicing these in a safe environment helps you develop intuition for privilege misconfigurations and how to use them to your advantage in a pentest.

6. Learn Lateral Movement Strategies

After escalating privileges, attackers often move laterally across systems to expand access and maintain persistence. As a pentester, understanding and practicing lateral movement techniques is key to assessing how far a compromise can go.

Typical lateral movement tactics involve:

Remote Desktop Protocol (RDP)

Windows Management Instrumentation (WMI)

PsExec

SMB and PowerShell remoting

Each method can be used to pivot from one machine to another, and each leaves specific traces. Being proficient in these strategies helps you mimic real-world attack paths and understand how to detect them.

7. Explore Credential Access and Dumping

One of the most sensitive areas in AD pentesting is credential dumping—extracting usernames and passwords from memory or files. This technique is powerful because it can provide direct access to high-value accounts.

Tools often target:

LSASS process memory

SAM database

Cached credentials

Registry hives

It's vital to practice this responsibly. In your lab, you’ll see how easy it is for a determined attacker to get credentials and why protecting this area is so crucial for security teams.

8. Study Persistence Mechanisms

Attackers who gain control of AD often seek to maintain long-term access. Learning persistence mechanisms helps you understand how an attacker could stay hidden in a network even after reboots or password changes.

Some common persistence techniques include:

Backdooring Group Policies

Modifying user attributes

Planting scheduled tasks

Creating rogue trust relationships

By studying these, you’ll become skilled at identifying traces left behind and designing better defensive strategies for detection and removal.

9. Simulate Realistic Attack Chains

It’s one thing to know individual techniques—it’s another to chain them together into a realistic attack scenario. Practicing full attack paths from initial access to domain admin gives you a comprehensive view of how real-world breaches unfold.

Example scenarios to try in your lab:

Compromising a low-privileged user → Kerberoasting → Privilege escalation → Lateral movement → Domain admin

Exploiting an exposed service → Dumping credentials → Creating persistence

Simulating these chains strengthens your situational awareness and helps you think like an attacker planning a complete campaign.

10. Practice Blue Team Countermeasures

Even though your focus is on pentesting, understanding how defenders operate makes you a better attacker. Try to detect your own attacks using security monitoring tools, logs, and behavior analytics.

Ask yourself:

What logs are generated during this attack?

How could a security team detect this movement?

What could block or alert on this technique?

This dual perspective is incredibly valuable in professional settings, where many pentesters also offer remediation advice post-assessment.

11. Document Your Findings Professionally

Pentesting isn’t just about breaking things—it’s about clearly communicating what you found and how to fix it. Learning to write detailed, organized, and actionable reports is essential.

A great report includes:

Executive summary for non-technical stakeholders

Technical breakdowns of each finding

Screenshots and proof-of-concept evidence

Remediation recommendations

Practice writing reports after each lab or simulation. It’s a skill that makes you stand out and shows you can deliver value beyond just identifying issues.

12. Stay Updated with New Techniques

Cybersecurity is always evolving, and so are the tactics used to breach Active Directory. Following security blogs, online communities, and research papers helps you stay on top of the latest developments.

Also, make sure to revisit your lab regularly and test out newly discovered vulnerabilities or techniques. The more proactive you are, the sharper your skills become.

For a structured and comprehensive approach to Active Directory pentesting, many learners have benefited from training like https://academy.cyberyozh.com/courses/active-directory/.

13. Test Yourself with Capture The Flag (CTF) Challenges

Once you're confident in your skills, put them to the test with CTF-style challenges. These simulations present realistic AD scenarios with hidden “flags” that you must uncover using your pentesting knowledge.

CTFs are fun, competitive, and immensely educational. They also help you benchmark your progress and identify areas to improve.

14. Network with the Community

No one masters pentesting alone. Engage with cybersecurity communities where you can exchange ideas, ask questions, and learn from others’ experiences. Forums, discussion groups, and meetups are great places to stay inspired and informed.

Surrounding yourself with like-minded individuals also opens doors to mentorship, collaboration, and even job opportunities in ethical hacking and red teaming.

15. Keep Practicing and Repeating

Mastery comes with repetition. Go back to earlier steps, rebuild your lab with new configurations, and keep exploring. Every iteration will sharpen your instincts and deepen your expertise.

Remember, the goal isn’t just to pass tests or run tools—it’s to think critically, adapt quickly, and understand the full picture of securing an Active Directory environment.

Conclusion

Active Directory pentesting is a skill set that demands a balance of technical knowledge, practical experience, and a security-first mindset. By following this step-by-step guide, you’ll build a strong foundation in the core techniques that attackers use—and defenders must prepare for.

From setting up a lab and understanding enumeration, to mastering privilege escalation and lateral movement, each step brings you closer to becoming a proficient AD pentester. Keep practicing, stay curious, and always think a step ahead. The more you hone your skills, the more valuable you become in protecting today’s digital environments.

0 notes