Active Directory

Resources

Active-Directory-Exploitation-Cheat-Sheet/README.md at master · Integration-IT/Active-Directory-Exploitation-Cheat-SheetGitHub

Active Directory Checklist - Attack & Defense CheatsheetCyber Security News

TryHackMe – Attacktive Directory{ Eric's Blog }

Post Compromise Active Directory ChecklistPwnDefend

Useful Tools

• PingCastle – https://www.pingcastle.com/

• Bloodhound – https://github.com/BloodHoundAD/BloodHound

• Adalanche – https://github.com/lkarlslund/adalanche

• ADACLScanner – https://github.com/canix1/ADACLScanner

• SysInternals – https://docs.microsoft.com/en-us/sysinternals/

AdFind - http://www.joeware.net/freetools/tools/adfind/index.htm

Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Administrative tools and logon types reference - Windows Serverdocsmsft

Active Directory Exploitation Cheat SheetEthical Hackers Academy

PayloadsAllTheThings/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

Attacking Active Directory: Initial Attack Vectors

Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Medium

mitm6 – compromising IPv4 networks via IPv6Fox-IT International blog

Combining NTLM Relays and Kerberos Delegation:

The worst of both worlds: Combining NTLM Relaying and Kerberos delegationdirkjanm.io

Attacking Active Directory: Post-Compromise Enumeration

PowerView Cheat Sheet:

Attacking Active Directory: Post-Compromise Attacks

Group Policy Pwnage:

Pentesting in the Real World: Group Policy Pwnage | Rapid7 BlogRapid7

Mimikatz:

GitHub - gentilkiwi/mimikatz: A little tool to play with Windows securityGitHub

Active Directory Security Blog:

Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Harmj0y Blog:

Home - Coding towards chaotic good and blogging about it - harmj0yharmj0y

Pentester Academy Active Directory:

Attacking and Defending Active Directory Lab

Pentester Academy Red Team Labs:

Windows Red Team Lab

eLS PTX:

https://www.elearnsecurity.com/course/penetration_testing_extreme/www.elearnsecurity.com

Active Directory Attack Cheat SheetMedium

Active Directory Kill Chain Attack & Defense - A Complete Guide & ToolsCyber Security News

INITIAL ACCESS

Responder

• responder -I eth0 -dw

• copy all the hash

• gedit ntlmhash.txt

Captured Hash cracking with Hashcat

• hashcat -m 5600 ntlmhash.txt rockyou.txt --force (VM)

• hashcat64.exe -m 5600 ntlmhash.txt rockyou.txt -O (WIN)

MITM6

-----------------------------------------------------------------------------------------------------

1. Pass the pass & pass the hash

2. Token Impersonation

3. Kerberoasting

4. Mimikatz > Golden ticket

Additional Resources:

Active Directory Exploitation Cheat SheetEthical Hackers Academy

Responder config for SMB relay attack

ntlmrelayx.py -tf targets.txt -smb2support