.svg){kind=link}
/Resources/Images/Deterministic MAC.svg){kind=link}
/Resources/Images/HMAC.svg){kind=link}
/Resources/Images/MAC Example Mechanism.svg){kind=link}
/Resources/Images/MAC Mechanism.svg){kind=link}
/Resources/Images/Message Authentication Code.svg){kind=link}
/Resources/Images/ARP Address Resolution.svg){kind=link}
/Resources/Images/Reverse Address Resolution.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/Classful IP Address Format.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/Default Subnet Masks.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/IP Dotted Decimal.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/IPv4 Datagram.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/IPv4 Fragmentation Flags.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/IPv4 Option.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/Network and Host ID.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/Subnet Mask.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/Subnetting.svg){kind=link}
/Internet Protocol v4 (IPv4)/Resources/Images/Subnetting Summary.svg){kind=link}
/Management Frames/Resources/Images/802_11_authentication.svg){kind=link}
/Management Frames/Resources/Images/Association_Request.svg){kind=link}
/Management Frames/Resources/Images/Association_Response.svg){kind=link}
/Management Frames/Resources/Images/Authentication_Frame.svg){kind=link}
/Management Frames/Resources/Images/Beacon_Frame.svg){kind=link}
/Management Frames/Resources/Images/BSS_Load_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Capability_Information.svg){kind=link}
/Management Frames/Resources/Images/Challenge_Text_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Channel_Switch_Announcement_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Country_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Deassociation_Frame.svg){kind=link}
/Management Frames/Resources/Images/Deauthentication_Frame.svg){kind=link}
/Management Frames/Resources/Images/DS_Parameter_Set_MFIE.svg){kind=link}
/Management Frames/Resources/Images/ERP_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Extended_Supported_Rates_MFIE.svg){kind=link}
/Management Frames/Resources/Images/IBSS_DFS_MFIE.svg){kind=link}
/Management Frames/Resources/Images/IBSS_DFS_MFIE 1.svg){kind=link}
/Management Frames/Resources/Images/IBSS_Parameter_Set.svg){kind=link}
/Management Frames/Resources/Images/Management_Frame.svg){kind=link}
/Management Frames/Resources/Images/MFIE.svg){kind=link}
/Management Frames/Resources/Images/Power_Capability_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Power_Constraint_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Probe_Request_Frame.svg){kind=link}
/Management Frames/Resources/Images/Probe_Response_Frame.svg){kind=link}
/Management Frames/Resources/Images/Quiet_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Quiet_MFIE 1.svg){kind=link}
/Management Frames/Resources/Images/Reassociation_Request.svg){kind=link}
/Management Frames/Resources/Images/Request_Information_MFIE.svg){kind=link}
/Management Frames/Resources/Images/RSN_MFIE.svg){kind=link}
/Management Frames/Resources/Images/SSID_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Supported_Channels_MFIE.svg){kind=link}
/Management Frames/Resources/Images/Supported_Rates_MFIE.svg){kind=link}
/Management Frames/Resources/Images/TPC_Report_MFIE.svg){kind=link}
/Management Frames/Resources/Images/TPC_Request_MFIE.svg){kind=link}
/Management Frames/Resources/Images/WiFi_authentication_association.svg){kind=link}
/Resources/Images/8021X_entities.svg){kind=link}
/Resources/Images/EAP_FAST.svg){kind=link}
/Resources/Images/EAP_TLS.svg){kind=link}
/Resources/Images/LEAP.svg){kind=link}
/Resources/Images/MAC_Header_QoS.svg){kind=link}
/Resources/Images/PEAP.svg){kind=link}
/Resources/Images/Shared_Key_Auth.svg){kind=link}
/Resources/Images/WEP_RC4.png){kind=link}
/Resources/Images/WiFi_Integrity_MIC.svg){kind=link}
/Resources/Images/WLAN_Frame.svg){kind=link}
/Resources/Images/WLAN_Frame_Control.svg){kind=link}
/Resources/Images/bloodhound/domainadmins.png){kind=link}
/Resources/Images/bloodhound/importedsummary.png){kind=link}
/Resources/Images/bloodhound/sharphoundcollector.png){kind=link}
/Resources/Images/bloodhound/uploaddata.png){kind=link}
/Resources/Images/getdomaincomputers.png){kind=link}
/Resources/Images/getdomaingroups.png){kind=link}
/Resources/Images/getdomainpolicy.png){kind=link}
/Resources/Images/getdomainuserproperty.png){kind=link}
/Resources/Images/getnetdomain.png){kind=link}
/Resources/Images/getnetdomaincontroller.png){kind=link}
/Resources/Images/getnetgpo.png){kind=link}
/Resources/Images/getnetusersamaccname.png){kind=link}
/Resources/Images/getsystemaccessdomainpolicy.png){kind=link}
/Resources/Images/powershell-ep-bypass.png){kind=link}
/Resources/Images/Subdomain Enumeration/httprobe Example.png){kind=link}
/Resources/Images/Subdomain Enumeration/Sublist3r Example.png){kind=link}
/Resources/Images/recon-ng-modules-load.png){kind=link}
/Resources/Images/recon-ng-workspaces-list.png){kind=link}
/Resources/Images/Reverse Whois Lookup.png){kind=link}
/Resources/Images/theHarvester-simple-results.png){kind=link}
/Resources/Images/whois lookup.png){kind=link}
/Resources/Images/Domain Controllers/View Domain Naming Master.png){kind=link}
/Resources/Images/Domain Controllers/View Schema Master.png){kind=link}
/Resources/Images/Groups/Group Creation.png){kind=link}
/Resources/Images/Hierarchy/Domain Tree Example.svg){kind=link}
/Resources/Images/Hierarchy/Transitive Trust.svg){kind=link}
/Resources/Images/Naming Contexts/Create Application Partition.png){kind=link}
/Resources/Images/Naming Contexts/Delete Application Partition.png){kind=link}
/Resources/Images/Naming Contexts/LDP Connect.png){kind=link}
/Resources/Images/Naming Contexts/LDP Naming Contexts.png){kind=link}
/Resources/Images/Naming Contexts/Naming Context Segregation.png){kind=link}
/Resources/Images/Naming Contexts/PowerShell Naming Contexts.png){kind=link}
/Schema/Resources/Images/Active Directory Module for PowerShell.png){kind=link}
/Schema/Resources/Images/Add Schema Snap-In MMC.png){kind=link}
/Schema/Resources/Images/ADSI Edit Configuration NC.png){kind=link}
/Schema/Resources/Images/ADSI Edit Schema NC.png){kind=link}
/Schema/Resources/Images/ADSI Edit Schema Version.png){kind=link}
/Schema/Resources/Images/Index Attribute.png){kind=link}
/Schema/Resources/Images/Inheritance Tree of user.svg){kind=link}
/Schema/Resources/Images/Launc MMC.png){kind=link}
/Schema/Resources/Images/Schema Version PowerShell.png){kind=link}
Introduction
The Advanced Encryption Standard (AES) is an encryption standard which has been ubiquitously adopted due to its security and has been standardised by NIST. It is comprised of three symmetric block ciphers which all take blocks of size 128 bits and output blocks of the same size. AES has three versions depending on the length of the key it can take. These are AES-128, AES-192, and AES-256, for 128-, 192-, and 256-bit keys, respectively. While the different AES versions may use a different length for the initial key, all round keys derived from it will still be the same size as the block - 128 bits.
The key length also determines the number of rounds that each 128-bit block goes through:
| Key Length | Number of Rounds |
|---|---|
| 128 | 10 |
| 192 | 12 |
| 256 | 14 |
AES operates on a 4x4 matrix called the State (
At the beginning of both the encryption and decryption algorithms, the state is populated with the 16 bytes from the input block in the following way:
The indices
At the end, the final State is mapped back to a 16-byte output array by a similar procedure:
AES Operations
AES has 4 basic of operations: SubBytes, ShiftRows, MixColumns and AddRoundKey. Encryption and decryption boil down to stringing these operations in a certain order. Note that for decryption we have the inverse of these operations: InvSubBytes, InvShiftRows and InvMixColumns (AddRoundKey is its own inverse).
SubBytes
The SubBytes operation substitutes each element of the state with one from a predefined 16x16 lookup table called the S-box. This is an essential part of the cipher because it introduces complexity which makes it difficult to deduce any information about the key form the ciphertext. This complexity is based in non-linearity. Basically, complicated non-linear function is applied to every byte in the state. To speed up the process, the substitutions have been pre-computed for the byte values 0x00 to 0xff and summarised into the S-box. Note that there are two versions of the S-box - one for encryption and the other for decryption.
The row is specified by the most significant nibble and the column by the least significant.
ShiftRows & MixColumns
These two operations introduce diffusion to the AES algorithm. For a cipher to be as secure as possible, changes in the plaintext should propagate to many bits in the ciphertext. Ideally, changing one bit of the plaintext should alter at least half the bits in the ciphertext. This is known as the Avalanche effect.
ShiftRows is the simplest of AES operations and ensures that the columns of the State are not encrypted independently. This operation leaves the first row unchanged and shifts the second row one byte to the left, wrapping around. The third row is similarly shifted left by two bytes, again wrapping around, and the fourth row is shifted 3 bytes to left, wrapping around:
MixColumns is a lot more complex and involves matrix multiplication in Rijndael's Galois field between the State and a pre-computed matrix. The key takeaway is that every byte affects all other bytes in the same column.
AddRoundKey
The AddRoundKey operation is quite simple - all it does is XOR the state with the current round key:
Encryption
First is the Key Expansion phase where
Decryption
Decryption involves running the inverse round operations and in reverse order. Again, the Key Expansion phase generates the same
The InvMixColumns operation is again dropped from the final round.