Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/DeanOfCyber/Active-Directory-Penetration-Testing-and-Security
Resources for AD penetration testing and security
- Host: GitHub
- URL: https://github.com/DeanOfCyber/Active-Directory-Penetration-Testing-and-Security
- Owner: DeanOfCyber
- Created: 2021-06-28T08:21:32.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-02-21T20:14:10.000Z (almost 3 years ago)
- Last Synced: 2024-08-02T16:31:37.284Z (4 months ago)
- Size: 24.4 KB
- Stars: 29
- Watchers: 3
- Forks: 12
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-pentest-cheat-sheets - Resource Collection #1 - Collection of Active Directory Pentesting resources #1 (☁️ Cloud Pentesting / Active Directory)
README
# Active Directory Penetration Testing and Security
Resources for AD penetration testing and security
## Videos by yours truly
Setup Domain Controller and Active Directory For Penetration Testing
https://www.youtube.com/watch?v=j5AI-BKXmCw
Create and configure domain accounts for multiple password attacks
https://www.youtube.com/watch?v=MigPswiQFOg
Kerberos AS-REP Roasting with HTB Sauna
https://www.youtube.com/watch?v=3GvcfQSOj5E
More coming soon...
## Pentest/Red Team General
https://zer1t0.gitlab.io/posts/attacking_ad/
https://gist.github.com/jivoi/c354eaaf3019352ce32522f916c03d70
https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
https://lolbas-project.github.io/
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#active-directory-recon
https://adsecurity.org/?p=2362
https://www.blackhat.com/docs/us-15/materials/us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection.pdf
## General Active Directory Concepts
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/cc771568(v=ws.10)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759186(v=ws.10)
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts
https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers
https://docs.microsoft.com/en-US/troubleshoot/windows-server/identity/security-identifiers-in-windows
https://adsecurity.org/?p=2288
## Active Directory Enumeration
http://woshub.com/get-aduser-getting-active-directory-users-data-via-powershell/
http://www.harmj0y.net/blog/redteaming/local-group-enumeration/
https://www.sans.org/security-resources/posters/bloodhound-cheat-sheet/430/download
## Authentication Attacks
**NTLM**
https://www.crowdstrike.com/cybersecurity-101/ntlm-windows-new-technology-lan-manager/
https://infinitelogins.com/2020/11/16/capturing-relaying-net-ntlm-hashes-without-kali-linux-using-inveigh/
**Kerberos Attacks**
https://blog.redforce.io/windows-authentication-attacks-part-2-kerberos/
https://www.blackhat.com/docs/us-14/materials/us-14-Duckwall-Abusing-Microsoft-Kerberos-Sorry-You-Guys-Don't-Get-It-wp.pdf
https://stealthbits.com/blog/what-is-kerberos/
http://www.harmj0y.net/blog/activedirectory/roasting-as-reps/
https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html
https://stealthbits.com/blog/how-to-detect-pass-the-ticket-attacks/
https://book.hacktricks.xyz/windows/active-directory-methodology/over-pass-the-hash-pass-the-key
**Password Spraying**
https://github.com/dafthack/DomainPasswordSpray
https://medium.com/walmartglobaltech/windows-for-loop-password-spraying-made-easy-c8cd4ebb86b5
**Mimikatz**
https://www.sentinelone.com/blog/windows-security-essentials-preventing-4-common-methods-of-credentials-exfiltration/
https://ivanitlearning.wordpress.com/2019/09/07/mimikatz-and-password-dumps/
https://en.hackndo.com/remote-lsass-dump-passwords/#mimikatz-module
https://www.hackingarticles.in/powershell-empire-for-pentester-mimikatz-module/
## Lateral Movement
https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f
https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/
## ACLs
https://www.blackhat.com/docs/us-17/wednesday/us-17-Robbins-An-ACE-Up-The-Sleeve-Designing-Active-Directory-DACL-Backdoors-wp.pdf
## Lab Setup
https://github.com/WazeHell/vulnerable-AD
https://thedarksource.com/setting-up-an-active-directory-lab-for-red-teaming/