Active Directory Penetration Testing and Security
February 21, 2022 ยท View on GitHub
Resources for AD penetration testing and security
Videos by yours truly
Setup Domain Controller and Active Directory For Penetration Testing https://www.youtube.com/watch?v=j5AI-BKXmCw
Create and configure domain accounts for multiple password attacks https://www.youtube.com/watch?v=MigPswiQFOg
Kerberos AS-REP Roasting with HTB Sauna https://www.youtube.com/watch?v=3GvcfQSOj5E
More coming soon...
Pentest/Red Team General
https://zer1t0.gitlab.io/posts/attacking_ad/
https://gist.github.com/jivoi/c354eaaf3019352ce32522f916c03d70
https://lolbas-project.github.io/
https://adsecurity.org/?p=2362
General Active Directory Concepts
https://adsecurity.org/?p=2288
Active Directory Enumeration
http://woshub.com/get-aduser-getting-active-directory-users-data-via-powershell/
http://www.harmj0y.net/blog/redteaming/local-group-enumeration/
https://www.sans.org/security-resources/posters/bloodhound-cheat-sheet/430/download
Authentication Attacks
NTLM
https://www.crowdstrike.com/cybersecurity-101/ntlm-windows-new-technology-lan-manager/
Kerberos Attacks
https://blog.redforce.io/windows-authentication-attacks-part-2-kerberos/
https://stealthbits.com/blog/what-is-kerberos/
http://www.harmj0y.net/blog/activedirectory/roasting-as-reps/
https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
https://stealthbits.com/blog/how-to-detect-pass-the-ticket-attacks/
https://book.hacktricks.xyz/windows/active-directory-methodology/over-pass-the-hash-pass-the-key
Password Spraying
https://github.com/dafthack/DomainPasswordSpray
https://medium.com/walmartglobaltech/windows-for-loop-password-spraying-made-easy-c8cd4ebb86b5
Mimikatz
https://ivanitlearning.wordpress.com/2019/09/07/mimikatz-and-password-dumps/
https://en.hackndo.com/remote-lsass-dump-passwords/#mimikatz-module
https://www.hackingarticles.in/powershell-empire-for-pentester-mimikatz-module/
Lateral Movement
https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f
https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/
ACLs
Lab Setup
https://github.com/WazeHell/vulnerable-AD
https://thedarksource.com/setting-up-an-active-directory-lab-for-red-teaming/