โ˜ข๏ธActive Directory

Initial Attack Vectors

AS-REP Roasting (Internal/External)

Enumerating Hosts and Identifying the Domain Controllers

IPv6 DNS Spoofing (Internal)

Kerberos Pre-Auth Username Enumeration

Kerberos Authentication from Kali

LLMNR Poisoning (Internal)

NTLM Credential Stuffing (Internal/External)

NULL Session Enumeration (Internal/External)

Passback Attacks (Internal/External)

PrintNightmare (Internal/External)

SMB Relay (Internal/External)

Using Faketime for Ad-Hoc Kerberos Authentication

Post Exploitation: Enumeration

BloodHound

CrackMapExec

Dumping DNS Records with adidnsdump

Enum4Linux

Extracting Kerberos AS-REQ Pre-Auth Hashes from PCAPs

GetADUsers.py

GetUserSPNs.py

LdapDomainDump

LdapSearch

Manual Enumeration

PowerShell AD Module on Any Domain Host as Any User

PowerView

Remote BloodHound

Post Exploitation: Attacks

DCSync

Dumping Hashes without Mimikatz

Evil-WinRM Alternatives

Group Policy Preferences (GPP)

Impacket-Addcomputer

Kerberoasting

Mimikatz

Pass the Hash

Pass the Key

Pass the Password

Pass the Ticket

Password & Credential Brute Force

PrintNightmare

Spawn Processes as Other Users

Token Impersonation

xfreerdp

ZeroLogon
