- Two great resources to have by your side during any pentest.
- Fantastic website that got me started on Active Directory.
- Although I do not have much experience with attacking Azure AD, I am going to share some resources here that can hopefully help you.
- Azure-Threat-Research-Matrix
- https://github.com/Kyuu-Ji/Awesome-Azure-Pentest - List of software and guides to help you.
- DFIR reports that you can read to learn about domain compromise.
- Some tools that I have used to enumerate environments
- CrackMapExec - One of the best tools out there for enumeration, gaining a foothold and post-exploitation. Make sure to support the developer!
- NetExec - Since CrackMapExec's developer mpgn has stopped maintaining the project, this new tool is supposed to continue the work. I have not used this new one yet since I have been focusing on web app pentests lately, but I will include it here for reference.
- PowerShell Port Scanner
- Pretender - LLMNR and IPv6 spoofer to help you obtain Net-NTLM hashes. Works with other tools such as the Impacket suite. Check out their blog for more info.
- Impacket suite - A bunch of Python scripts that interact with Windows protocols like SMB to help you compromise hosts. Check out this link for information regarding each script.
- CrackMapExec - CME can also be used for initial compromise using some of its modules such as PetitPotam.
- NetExec
- Some commands for enumeration
- CrackMapExec - Can be used to check which devices you can access and dump creds.
- NetExec
- Where to find further creds
- Checklist for Windows privilege escalation
- Abusing AD Certificate Services
- 64 methods to run mimikatz
- Deploying a VM from the command line - Useful if you compromised an endpoint via phishing and want to deploy a VM to easily deploy tools like the Impacket suite.
- PingCastle - A C# tool to check AD permissions. Especially useful for internal teams looking to harden their AD.