Attacking Active Directory

Note: This documentation is mostly made from my notes on TCM Security Academy It will be complemented with notes from my practice and from other classes like the one from HTB Academy

Methodology

• Useful tool to install in kali is pimpmykali (choose 0 in option menu)

• First thing to do is launch responder (along with scans to generate traffic)

• LLMNR Poisoning

• SMB Relay Attack

• Look for websites in scope

• Check for default credentials (printers, tomcat, jenkins,...)

• Compromise a machine (as many as possible with lateral movement)

• Enumerate (network) with tools for post-compromise attack

• Get Domain Admin with post-compromise attacks

• Dump with mimikatz

Resources

WADComs

An Amazing offensive AD interactive Cheat sheet by John Woodman

Active Directory MethodologyHackTricks

Hacktricks - Active Directory Methodology

Practical Ethical Hacking - The Complete Course

TCM-Security Academy

Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Medium

Top Five Ways I Got Domain Admin - Adam Toscher

Active Directory Security – Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Active Directory Security Blog

Home - Coding towards chaotic good and blogging about it - harmj0yharmj0y

Harmj0y Blog

Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition)Medium

Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition) Adam Toscher

PayloadsAllTheThings/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

Active Directory Attacks - PayloadsAllTheThings

GitHub - Cloud-Architekt/AzureAD-Attack-Defense: This publication is a collection of various common attack scenarios on Azure Active Directory and how they can be mitigated or detected.GitHub

Azure AD - Attack and Defense Playbook - Cloud Architekt

GitHub - Integration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHub

Active Directory Exploitation Cheat Sheet - Integration IT

GitHub - drak3hft7/Cheat-Sheet---Active-Directory: This cheat sheet contains common enumeration and attack methods for Windows Active Directory with the use of powershell.GitHub

Cheat Sheet - Attack Active Directory - drak3hft7

GitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHub

Active Directory Exploitation Cheat Sheet - S1ckB0y1337

arsenal/pentest_ad.png at master · Orange-Cyberdefense/arsenalGitHub

Pentesting active directory - Orange Cyberdéfense

Building and Attacking an Active Directory lab with PowerShell1337red

BUILDING AND ATTACKING AN ACTIVE DIRECTORY LAB WITH POWERSHELL - 1337RED

GitHub - Orange-Cyberdefense/GOAD: game of active directoryGitHub

GOAD (Game Of Active Directory) - Orange Cyberdéfense

Attack Methods for Gaining Domain Admin Rights in Active DirectoryActive Directory Security

Attack Methods for Gaining Domain Admin Rights in Active Directory - Sean Metcalf - adsecurity

Homehackndo

hackndo - Pixis

ReconnaissanceThe Hacker Recipes

The Hacker Recipes - Shutdown

dirkjanm.iodirkjanm.io

Dirk-jan Mollema's blog