10/25/2022 · 2 min read

AD Basics:

Installing AD server:

Setting up an automated lab:

Installing AD server:

Enumeration: All Active Directory attacks

Active Directory Penetration Dojo – AD Environment Enumeration -1

Low Privilege Active Directory Enumeration from a non-Domain Joined Host

Kerberos Domain Username Enumeration

SPN Scanning

SPN Scanning – Service Discovery without Network Port Scanning

Active Directory Pentest Recon Part 1: SPN Scanning aka Mining Kerberos Service Principal Names

Kerberoasting

Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain. Explains kerberoasting and how the exploitation takes place.

Steps for kerberoasting. Another blog listing out the steps for kerberoasting. It also has a couple of other attacks.

DISCOVERING SERVICE ACCOUNTS WITHOUT USING PRIVILEGES

Kerberoasting explained. Also has kerberoasting with Rubeus

Kerberoasting without Mimikatz

AS-REP Roasting

Golden Ticket

Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account


Attacking Domain Trusts

Pentesting AD

AD Pentest links: a list of possible AD pentesting

Mimikatz and active directory attacks

Unofficial guide to mimikatz

A Red Teamer’s Guide to GPOs and OUs

Sean Metcalf presentations

Attacking Kerberos

Ace up your sleeve.

Attack Methods for Gaining Domain Admin Rights in Active Directory

How Attackers Extract Credentials (Hashes) From LSASS

How Attackers Dump Active Directory Database Credentials

Scanning for Active Directory Privileges & Privileged Accounts

Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory

Pass-the-Cache to Domain Compromise

Attacking SQL Server trusts

Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS

Understanding AD

Using SQL servers for attacking a forest trust

Hacking SQL Server Procedures – Part 4: Enumerating Domain Accounts

Null Session Domain Controller Enumeration


Tools

AD Recon

Attacking ACLs

Get AD credentials

GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application

Crackmapexec: Swiss army knife for pentester

RedSnarf is a pen-testing / red-teaming tool for Windows environments

Automate getting Domain Admin using Empire

Get plaintext active directory credentials

Rubeus

Powershell scripts for AD Recon

Bloodhound

Introducing BloodHound

Interesting blogs

Red Teaming Links

Link containing more links

Link containing more links
