Attacking Active Directory

Note: This documentation is mostly made from my notes on TCM Security Academy It will be complemented with notes from my practice and from other classes like the one from HTB Academy


  • Useful tool to install in kali is pimpmykali (choose 0 in option menu)

  • First thing to do is launch responder (along with scans to generate traffic)

  • LLMNR Poisoning

  • SMB Relay Attack

  • Look for websites in scope

  • Check for default credentials (printers, tomcat, jenkins,...)

  • Compromise a machine (as many as possible with lateral movement)

  • Enumerate (network) with tools for post-compromise attack

  • Get Domain Admin with post-compromise attacks

  • Dump with mimikatz


Last updated