DarthSidious
Darth Sidious
GETTING STARTED
Getting started
External network access to Domain Admin
Intro to Windows hashes
Building a lab
Building a lab
Preparing Kali
Building a small lab
Building a lab with ESXI and Vagrant
Cuckoo malware analysis lab
Initial access
Password spraying
Initial access through exchange
ENUMERATION
Powershell
BloodHound
PowerView
Azure enumeration
Execution
Pass the hash
Responder with NTLM relay and Empire
DeathStar
CrackMapExec
Privilege escalation
Mimikatz
Token Impersonation
Juicy Potato
ALPC bug 0day
Defense evasion
Bypassing Applocker and Powershell contstrained language mode
From RDS app to Empire shell
Stealth
OTHER
Link encyclopedia
Writeups
War stories
Credential access
Password cracking and auditing
Command & Control
SILENTTRINITY
Powered by GitBook

Getting started

This guide/tutorial will teach you the following:

  • Creating a virtual Active Directory domain lab environment

  • Credential Replay Attacks

  • Domain Privilege Escalation

  • Dumping System and Domain Secrets

  • Tools like Empire, Bloodhound and ranger

  • Actual pentest experiences

If you have no idea what you are doing, we recommend reading the Mini guide to Windows and then begin Building a lab.

If you have an idea what you're doing and/or already have a lab environment I recommend you check out the article Network access to Domain Admin for a general approach to hacking Active Directory domains.

Obvious disclaimer is obvious

The tools demonstrated in this book should not be used in an environment without complete authorization from it's legal owner. I.e. don't be stupid and don't run commands you don't know what does.

Todo list

  • Stealth - improve article

  • Introduction to Active Directory

  • Kerberos and authentication in AD

  • Introduction to PowerShell

  • Exploiting MSSQL Servers

  • Client Side Attacks

  • Domain Enumeration and Information Gathering

  • Local Privilege Escalation

  • Exchange enumeration and attacks

  • Sharepoint enumeration and attack

  • Mitigations against common attacks

  • General recommendations for securing AD

Future plans

  • Kerberos Attacks and Defense (Golden, Silver tickets and more)

  • Delegation Issues

  • Persistence Techniques

  • Abusing SQL Server Trusts in an AD Environment

  • Backdoors and Command and Control

  • Forest and domain trusts in AD

  • Detecting attack techniques

  • Defending an Active Directory Environment

  • ​Attacking domain trusts​

  • LDAP integration with non-Microsoft products

Previous
Darth Sidious
Next - GETTING STARTED
External network access to Domain Admin
Last updated last year
Edit on GitHub