Active Directory

Resources

LogoActive-Directory-Exploitation-Cheat-Sheet/README.md at master · Integration-IT/Active-Directory-Exploitation-Cheat-SheetGitHub
LogoActive Directory Checklist - Attack & Defense CheatsheetCyber Security News
LogoPost Compromise Active Directory ChecklistPwnDefend

Useful Tools

• PingCastle – https://www.pingcastle.com/

• Bloodhound – https://github.com/BloodHoundAD/BloodHound

• Adalanche – https://github.com/lkarlslund/adalanche

• ADACLScanner – https://github.com/canix1/ADACLScanner

• SysInternals – https://docs.microsoft.com/en-us/sysinternals/

AdFind - http://www.joeware.net/freetools/tools/adfind/index.htm

Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…
LogoAdministrative tools and logon types reference - Windows Serverdocsmsft
LogoActive Directory Exploitation Cheat SheetEthical Hackers Academy
LogoPayloadsAllTheThings/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

Attacking Active Directory: Initial Attack Vectors

LogoTop Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Medium
Logomitm6 – compromising IPv4 networks via IPv6Fox-IT International blog

Combining NTLM Relays and Kerberos Delegation:

The worst of both worlds: Combining NTLM Relaying and Kerberos delegationdirkjanm.io

Attacking Active Directory: Post-Compromise Enumeration

PowerView Cheat Sheet:

Attacking Active Directory: Post-Compromise Attacks

Group Policy Pwnage:

LogoPentesting in the Real World: Group Policy Pwnage | Rapid7 BlogRapid7

Mimikatz:

LogoGitHub - gentilkiwi/mimikatz: A little tool to play with Windows securityGitHub

Active Directory Security Blog:

Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Harmj0y Blog:

Home - Coding towards chaotic good and blogging about it - harmj0yharmj0y

Pentester Academy Active Directory:

Attacking and Defending Active Directory Lab

Pentester Academy Red Team Labs:

Windows Red Team Lab

eLS PTX:

https://www.elearnsecurity.com/course/penetration_testing_extreme/www.elearnsecurity.com
LogoActive Directory Attack Cheat SheetMedium
LogoActive Directory Kill Chain Attack & Defense - A Complete Guide & ToolsCyber Security News

INITIAL ACCESS

Responder

  • responder -I eth0 -dw

  • copy all the hash

  • gedit ntlmhash.txt

Captured Hash cracking with Hashcat

  • hashcat -m 5600 ntlmhash.txt rockyou.txt --force (VM)

  • hashcat64.exe -m 5600 ntlmhash.txt rockyou.txt -O (WIN)

MITM6

-----------------------------------------------------------------------------------------------------

  1. Pass the pass & pass the hash

  2. Token Impersonation

  3. Kerberoasting

  4. Mimikatz > Golden ticket

Additional Resources:

LogoActive Directory Exploitation Cheat SheetEthical Hackers Academy

Responder config for SMB relay attack

ntlmrelayx.py -tf targets.txt -smb2support

PreviousOSINT FrameworksNextAD PT Mindset

Last updated