Skip to content

DeanOfCyber/Active-Directory-Penetration-Testing-and-Security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 

Repository files navigation

Active Directory Penetration Testing and Security

Resources for AD penetration testing and security

Videos by yours truly

Setup Domain Controller and Active Directory For Penetration Testing https://www.youtube.com/watch?v=j5AI-BKXmCw

Create and configure domain accounts for multiple password attacks https://www.youtube.com/watch?v=MigPswiQFOg

Kerberos AS-REP Roasting with HTB Sauna https://www.youtube.com/watch?v=3GvcfQSOj5E

More coming soon...

Pentest/Red Team General

https://zer1t0.gitlab.io/posts/attacking_ad/

https://gist.github.com/jivoi/c354eaaf3019352ce32522f916c03d70

https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/

https://lolbas-project.github.io/

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#active-directory-recon

https://adsecurity.org/?p=2362

https://www.blackhat.com/docs/us-15/materials/us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection.pdf

General Active Directory Concepts

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771568(v=ws.10)

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759186(v=ws.10)

https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts

https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers

https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/security-identifiers-in-windows

https://adsecurity.org/?p=2288

Active Directory Enumeration

http://woshub.com/get-aduser-getting-active-directory-users-data-via-powershell/

http://www.harmj0y.net/blog/redteaming/local-group-enumeration/

https://www.sans.org/security-resources/posters/bloodhound-cheat-sheet/430/download

Authentication Attacks

NTLM

https://www.crowdstrike.com/cybersecurity-101/ntlm-windows-new-technology-lan-manager/

https://infinitelogins.com/2020/11/16/capturing-relaying-net-ntlm-hashes-without-kali-linux-using-inveigh/

Kerberos Attacks

https://blog.redforce.io/windows-authentication-attacks-part-2-kerberos/

https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don't-Get-It-wp.pdf

https://stealthbits.com/blog/what-is-kerberos/

http://www.harmj0y.net/blog/activedirectory/roasting-as-reps/

https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html

https://stealthbits.com/blog/how-to-detect-pass-the-ticket-attacks/

https://book.hacktricks.xyz/windows/active-directory-methodology/over-pass-the-hash-pass-the-key

Password Spraying

https://github.com/dafthack/DomainPasswordSpray

https://medium.com/walmartglobaltech/windows-for-loop-password-spraying-made-easy-c8cd4ebb86b5

Mimikatz

https://www.sentinelone.com/blog/windows-security-essentials-preventing-4-common-methods-of-credentials-exfiltration/

https://ivanitlearning.wordpress.com/2019/09/07/mimikatz-and-password-dumps/

https://en.hackndo.com/remote-lsass-dump-passwords/#mimikatz-module

https://www.hackingarticles.in/powershell-empire-for-pentester-mimikatz-module/

Lateral Movement

https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f

https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/

ACLs

https://www.blackhat.com/docs/us-17/wednesday/us-17-Robbins-An-ACE-Up-The-Sleeve-Designing-Active-Directory-DACL-Backdoors-wp.pdf

Lab Setup

https://github.com/WazeHell/vulnerable-AD

https://thedarksource.com/setting-up-an-active-directory-lab-for-red-teaming/

About

Resources for AD penetration testing and security

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published