search
Buy me a tea

Attacking Active Directory

Note: This documentation is mostly made from my notes on TCM Security Academyarrow-up-right It will be complemented with notes from my practice and from other classes like the one from HTB Academyarrow-up-right

hashtag
Methodology

  • Useful tool to install in kali is pimpmykaliarrow-up-right (choose 0 in option menu)

  • First thing to do is launch responder (along with scans to generate traffic)

  • LLMNR Poisoning

  • SMB Relay Attack

  • Look for websites in scope

  • Check for default credentials (printers, tomcat, jenkins,...)

  • Compromise a machine (as many as possible with lateral movement)

  • Enumerate (network) with tools for post-compromise attack

  • Get Domain Admin with post-compromise attacks

  • Dump with mimikatz

hashtag
Resources

LogoWADComswadcoms.github.iochevron-right
An Amazing offensive AD interactive Cheat sheet by John Woodman
LogoPage not found - HackTricksbook.hacktricks.xyzchevron-right
Hacktricks - Active Directory Methodology
LogoPractical Ethical Hacking - The Complete Courseacademy.tcm-sec.comchevron-right
TCM-Security Academy
LogoTop Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Mediumchevron-right
Top Five Ways I Got Domain Admin - Adam Toscher
Active Directory & Azure AD/Entra ID Security – Active Directory & Azure AD/Entra ID: Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…adsecurity.orgchevron-right
Active Directory Security Blog
Logoharmj0yharmj0ychevron-right
Harmj0y Blog
LogoTop Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Mediumchevron-right
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition) Adam Toscher
LogoPayloadsAllTheThings/Methodology and Resources/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThingsGitHubchevron-right
Active Directory Attacks - PayloadsAllTheThings
LogoGitHub - Cloud-Architekt/AzureAD-Attack-Defense: This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.GitHubchevron-right
Azure AD - Attack and Defense Playbook - Cloud Architekt
LogoGitHub - Integration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHubchevron-right
Active Directory Exploitation Cheat Sheet - Integration IT
LogoGitHub - drak3hft7/Cheat-Sheet---Active-Directory: This cheat sheet outlines common enumeration and attack methods for Windows Active Directory using PowerShell.GitHubchevron-right
Cheat Sheet - Attack Active Directory - drak3hft7
LogoGitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHubchevron-right
Active Directory Exploitation Cheat Sheet - S1ckB0y1337
https://github.com/Orange-Cyberdefense/arsenal/blob/master/mindmap/pentest_ad.pnggithub.comchevron-right
Pentesting active directory - Orange Cyberdéfense
LogoBuilding and Attacking an Active Directory lab with PowerShell1337redchevron-right
BUILDING AND ATTACKING AN ACTIVE DIRECTORY LAB WITH POWERSHELL - 1337RED
LogoGitHub - Orange-Cyberdefense/GOAD: game of active directoryGitHubchevron-right
GOAD (Game Of Active Directory) - Orange Cyberdéfense
Attack Methods for Gaining Domain Admin Rights in Active DirectoryActive Directory & Azure AD/Entra ID Securitychevron-right
Attack Methods for Gaining Domain Admin Rights in Active Directory - Sean Metcalf - adsecurity
LogoHomehackndochevron-right
hackndo - Pixis
https://www.thehacker.recipes/ad/www.thehacker.recipeschevron-right
The Hacker Recipes - Shutdown
dirkjanm.iodirkjanm.iochevron-right
Dirk-jan Mollema's blog
PreviousActive DirectoryNextLLMNR Poisoning

Last updated