GitHubLinkedInEmail

🔴Active Directory

Definition

Active Directory is a centralized directory service used to manage Windows networks. It stores information about objects on the network and make it easy to configure what is needed.

Intro

Active Directory attacks is a huge topic, a lot of the scenarios depend on the situation of attacker and network infrastructure. this section of the book is about the known active directory attacks and tips/tricks.

Most of the attacks in this section (in real world scenarios as well) are based on the assumption that you already have a low-privilege access to a system inside the internal network or have physically attached your system and you are pass the firewall. normally, you wont see a domain controller out in the open or directly accessible from the internet, so most of the active directory attacks are part of an internal pentest or red team engagement.

The Process

Typically the process of Active Directory penetration testing ( aka internal pentesting ) is like this:

  1. Initial Domain Access ( through a low-privileged user account )

  2. Local Privilege Escalation

  3. Internal Domain Recon

  4. Poisoning / MITM

  5. Domain Admin Access

  6. Domain Dominance ( fancy name for " full compromise " )

  7. Domain Persistence

  8. Asset Access

  9. Exfiltration

Active Directory Kill Chain

Build your own lab

LogoCreating Active Directory Labs for Blue and Red TeamsSEC Consult

Resources

LogoAttacking Active Directory: 0 to 0.9 | zer1t0
LogoDomain ACLsBufu-Sec Wiki
LogoPowerSploit
LogoMicrosoftWontFixList/README.md at main · cfalta/MicrosoftWontFixListGitHub
LogoPayloadsAllTheThings/Active Directory Attack.md at master · swisskyrepo/PayloadsAllTheThingsGitHub
Attack Defense & DetectionActive Directory Security
LogoGitHub - Integration-IT/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHub
LogoGitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.GitHub

Tools

LogoGitHub - SecureAuthCorp/impacket: Impacket is a collection of Python classes for working with network protocols.GitHub
LogoGitHub - maaaaz/impacket-examples-windows: The great impacket example scripts compiled for WindowsGitHub
LogoGitHub - lgandx/Responder: Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.GitHub
LogoGitHub - S3cur3Th1sSh1t/PowerSharpPackGitHub
LogoGitHub - S3cur3Th1sSh1t/WinPwn: Automation for internal Windows Penetrationtest / AD-SecurityGitHub
LogoGitHub - Kevin-Robertson/InveighZero: .NET IPv4/IPv6 machine-in-the-middle tool for penetration testersGitHub
PreviousCOM HijackingNextDomain Enumeration

Last updated