Buy me a tea

Attacking Active Directory

Note: This documentation is mostly made from my notes on TCM Security Academy It will be complemented with notes from my practice and from other classes like the one from HTB Academy

Methodology

  • Useful tool to install in kali is pimpmykali (choose 0 in option menu)

  • First thing to do is launch responder (along with scans to generate traffic)

  • LLMNR Poisoning

  • SMB Relay Attack

  • Look for websites in scope

  • Check for default credentials (printers, tomcat, jenkins,...)

  • Compromise a machine (as many as possible with lateral movement)

  • Enumerate (network) with tools for post-compromise attack

  • Get Domain Admin with post-compromise attacks

  • Dump with mimikatz

Resources

LogoWADComs
An Amazing offensive AD interactive Cheat sheet by John Woodman
LogoActive Directory MethodologyHackTricks
Hacktricks - Active Directory Methodology
LogoPractical Ethical Hacking - The Complete Course
TCM-Security Academy
LogoTop Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Medium
Top Five Ways I Got Domain Admin - Adam Toscher
Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…
Active Directory Security Blog
Home - Coding towards chaotic good and blogging about it - harmj0yharmj0y
Harmj0y Blog
LogoTop Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Medium
Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition) Adam Toscher
LogoPayloadsAllTheThings/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThingsGitHub
Active Directory Attacks - PayloadsAllTheThings
LogoGitHub - Cloud-Architekt/AzureAD-Attack-Defense: This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.GitHub
Azure AD - Attack and Defense Playbook - Cloud Architekt
LogoGitHub - Integration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHub
Active Directory Exploitation Cheat Sheet - Integration IT
LogoGitHub - drak3hft7/Cheat-Sheet---Active-Directory: This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.GitHub
Cheat Sheet - Attack Active Directory - drak3hft7
LogoGitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHub
Active Directory Exploitation Cheat Sheet - S1ckB0y1337
Logoarsenal/pentest_ad.png at master · Orange-Cyberdefense/arsenalGitHub
Pentesting active directory - Orange Cyberdéfense
LogoBuilding and Attacking an Active Directory lab with PowerShell1337red
BUILDING AND ATTACKING AN ACTIVE DIRECTORY LAB WITH POWERSHELL - 1337RED
LogoGitHub - Orange-Cyberdefense/GOAD: game of active directoryGitHub
GOAD (Game Of Active Directory) - Orange Cyberdéfense
Attack Methods for Gaining Domain Admin Rights in Active DirectoryActive Directory Security
Attack Methods for Gaining Domain Admin Rights in Active Directory - Sean Metcalf - adsecurity
LogoHomehackndo
hackndo - Pixis
LogoReconnaissanceThe Hacker Recipes
The Hacker Recipes - Shutdown
dirkjanm.iodirkjanm.io
Dirk-jan Mollema's blog
PreviousActive DirectoryNextLLMNR Poisoning

Last updated