Getting started
This guide/tutorial will teach you the following:
Creating a virtual Active Directory domain lab environment
Credential Replay Attacks
Domain Privilege Escalation
Dumping System and Domain Secrets
Tools like Empire, Bloodhound and ranger
Actual pentest experiences
If you have no idea what you are doing, we recommend reading the Mini guide to Windows first and then beginning with Building a lab.
If you have an idea of what you're doing and/or already have a lab environment, I recommend you check out the article Network access to Domain Admin for a general approach to hacking Active Directory domains.
Obvious disclaimer is obvious
The tools demonstrated in this book should not be used in an environment without complete authorization from its legal owner. I.e. don't be stupid, and don't run commands when you don't know what they do.
Todo list
Stealth - improve article
Introduction to Active Directory
Kerberos and authentication in AD
Introduction to PowerShell
Exploiting MSSQL Servers
Client Side Attacks
Domain Enumeration and Information Gathering
Local Privilege Escalation
Exchange enumeration and attacks
Sharepoint enumeration and attacks
Mitigations against common attacks
General recommendations for securing AD
Future plans
Kerberos Attacks and Defense (Golden, Silver tickets and more)
Delegation Issues
Persistence Techniques
Abusing SQL Server Trusts in an AD Environment
Backdoors and Command and Control
Forest and domain trusts in AD
Detecting attack techniques
Defending an Active Directory Environment
LDAP integration with non-Microsoft products