services.ad-attacks.com
2606:4700:4400::ac40:93d1  Public Scan

URL: https://services.ad-attacks.com/
Submission: On March 20 via api from US — Scanned from US

Form analysis 0 forms found in the DOM

Text Content

AD ATTACK BY SERVICES




README


ACTIVE DIRECTORY PENETRATION TESTING

Welcome to the Active Directory Attacks Documentation for Red Teams!

This documentation serves as a comprehensive resource for understanding various
attack techniques and vulnerabilities associated with Active Directory
environments. Whether you are a security professional, system administrator, or
simply interested in learning about cybersecurity, this documentation will
provide valuable insights into the risks and countermeasures related to Active
Directory attacks.





In this documentation, you will find detailed explanations of different attack
techniques employed by malicious actors to compromise Active Directory
infrastructures. We cover well-known techniques such as Pass-the-Hash, Golden
Ticket, Kerberoasting, and more. Each attack technique is accompanied by a
description, potential impact, detection methods, and recommended mitigation
strategies.



HTB Penetration Testing Certification [CPTS] | Hack The Box

My aim is to help you understand the inner workings of these attacks, enabling
you to identify vulnerabilities within your own Active Directory environment and
implement effective security measures to protect against them. Additionally, we
provide real-world examples and practical guidance to enhance your understanding
of the attack vectors and their implications.

We encourage you to explore the various sections of this documentation, where
you will find detailed explanations, step-by-step guides, and recommended best
practices to secure your Active Directory infrastructure. Stay one step ahead of
potential threats and bolster your organization's security posture with the
knowledge gained from this documentation.

Remember, a well-informed defender is better equipped to safeguard their Active
Directory environment against malicious actors. Let's dive in and strengthen our
defenses against Active Directory attacks!

Happy learning and stay secure!

   

 * Author RFS

   



LEARN ACTIVE DIRECTORY

Header 1 | Header 2 | Header 3
Service and Port Numbers | Cell 2 | Cell 3
Local Groups | Cell 5 | Cell 6
Domain Groups | Cell 8 | Cell 9
Domain Groups | Cell 8 | Cell 9
Domain Groups | Cell 8 | Cell 9
Domain Groups | Cell 8 | Cell 9

WINDOWS ATTACK SCENARIOS

Scenario | Description | LAB design
Windows Client | Cell 2 | Cell 3
Windows Client with AD | Cell 5 | Cell 6
Windows Server Standalone | Cell 8 | Cell 9
Windows Server with AD | Cell 8 | Cell 9
Active Directory Environment | Cell 8 | Cell 9
Active Directory Multi Forest Environment | Cell 8 | Cell 9

ACTIVE DIRECTORY EXTERNAL RECONNAISSANCE

Active Directory (AD) External Reconnaissance is a methodology used to gather
information and assess the security posture of an organization's Active
Directory infrastructure from an external perspective.

ACTIVE DIRECTORY ATTACKS THEORY


 * Initial Compromise
 * Host Reconnaissance
 * Domain Enumeration
 * Local Privilege Escalation
 * Administrator Enumeration
 * Lateral Movement
 * Domain Admin privs
 * Cross Trust Attacks
 * Domain Persistence
 * Exfiltrate

   

ACTIVE DIRECTORY ATTACKS BY SERVICE TYPE (PROTOCOL)

Protocol | Port | Description
NetBIOS | Cell 2 | Cell 3
DNS | 53 | Cell 6
MsSQL | Cell 8 | Cell 9
LDAP | Cell 8 | Cell 9
Kerberos | Cell 8 | Cell 9
Samba | 445 | Cell 9
IIS | 80 / 443 | Cell 9
Exchange | Cell 8 | Cell 9
WinRM | Cell 8 | Cell 9
SCCM | Cell 8 | Cell 9

MY TOOLS ARSENAL DOCUMENTATION

WINDOWS PRIVILEGE ESCALATION

DOMAIN PRIVILEGE ESCALATION

   

 * Attack Privilege Requirements
 * Kerbrute Enumeration — No domain access required
 * Pass the Ticket — Access as a user to the domain required
 * Kerberoasting — Access as any user required
 * AS-REP Roasting — Access as any user required
 * Golden Ticket — Full domain compromise (Domain Admin) required
 * Silver Ticket — Service hash required
 * Skeleton Key — Full domain compromise (Domain Admin) required

   



AD ATTACKS

Attack Technique | Description
Pass-the-Hash | An attack where an attacker steals the hash of a user's password and uses it to authenticate and impersonate the user.
Golden Ticket | A technique that allows an attacker to forge Kerberos tickets, granting them unauthorized access with domain-level privileges.
Kerberoasting | Exploits the weak encryption of Kerberos ticket-granting tickets (TGTs) to extract the password hashes of Active Directory service accounts.
BloodHound | A tool used to identify and exploit Active Directory trust relationships, exposing potential attack paths and lateral movement opportunities.
DCShadow | An attack that manipulates domain controllers to create a rogue domain controller, allowing attackers to stealthily inject changes into the Active Directory infrastructure.
Skeleton Key | A technique that allows an attacker to bypass authentication by injecting a backdoor password into Active Directory, granting them unauthorized access.
Silver Ticket | Similar to a Golden Ticket, but instead of compromising the Key Distribution Center (KDC), it targets specific service principals, granting unauthorized access to specific services.




Last updated 3 months ago
